microsoft-onedrive
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches data from and uploads content to the Microsoft Graph API (graph.microsoft.com). This is a legitimate interaction with a well-known service required for the skill's stated purpose.
- [COMMAND_EXECUTION]: Executes shell commands using curl and jq to interact with the Microsoft Graph API. The instructions include specific steps to safely encode path segments and identifiers using jq, which mitigates potential command injection or path traversal risks from external file names.
- [DATA_EXFILTRATION]: Accesses user data on OneDrive using an environment variable ($MICROSOFT_ONEDRIVE_TOKEN) provided by the platform. No evidence was found of sending data to unauthorized third-party domains or exfiltrating credentials.
- [PROMPT_INJECTION]: The skill incorporates safety protocols that mandate explicit user confirmation before the agent executes any destructive actions (such as delete or move) or data-sharing operations (such as createLink).
Audit Metadata