The Agent Skills Directory

COMMAND_EXECUTION (MEDIUM): The skill implements high-privilege administrative actions within Microsoft 365.
Evidence: scripts/create_m365_users.ts contains deleteUser and resetPassword functions.
Evidence: scripts/configure_teams.ts contains deleteTeam and removeMember functions.
Impact: Malicious or accidental invocation could result in significant tenant disruption or unauthorized access. Because these are primary functions of the skill, the severity is downgraded to MEDIUM.
DATA_EXFILTRATION (MEDIUM): The skill provides tools to read and transmit sensitive organizational data.
Evidence: scripts/setup_exchange.ts provides getInboxMessages to read emails and sendMessage/forwardMessage to send data externally.
Impact: Sensitive communications can be accessed and exfiltrated by the agent.
PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection due to the combination of its data-reading and high-privilege command capabilities.
Ingestion points: getInboxMessages in scripts/setup_exchange.ts reads potentially attacker-controlled email content.
Boundary markers: No delimiters or warnings are used when processing external data.
Capability inventory: The skill can perform irreversible administrative actions such as deleteUser and resetPassword across the M365 tenant.
Sanitization: No sanitization is performed on ingested email or event data before it reaches the agent context.

m365-admin