m365-admin

This SKILL.md describes powerful, legitimate Microsoft 365 administration and automation capabilities that are consistent with the described purpose. I found no explicit malicious code, obfuscated payloads, external non-Microsoft endpoints, or hardcoded secrets in the provided documentation. However, the skill requires high privileges (app registrations, RBAC, tenant-wide changes) and allows operations that can cause wide-scale impact if misused or if the implementation mishandles credentials. Without the actual script implementations I cannot assert secure handling of secrets, approval workflows, or absence of exfiltration. Overall: no evidence of malware, but the feature set is high-risk and requires strict least-privilege controls, secure secret storage, multi-step approval for high-impact actions, audit logging, and code review before use.