microsoft-365
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill manages authentication securely by referencing the environment variable $MICROSOFT_365_TOKEN, preventing credential exposure.
- [SAFE]: All API interactions are conducted with graph.microsoft.com, which is an established and trusted service endpoint.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from Microsoft 365.
  - Ingestion points: Fetching OneDrive file content and Teams channel messages in SKILL.md.
  - Boundary markers: No delimiters or safety instructions are used to separate user-provided content from agent instructions.
  - Capability inventory: The skill uses curl for network requests and interacts with the /tmp directory.
  - Sanitization: There is no evidence of filtering or escaping external content before it enters the agent's context.
Audit Metadata