ms-teams-apps
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill references and utilizes official SDKs and command-line tools from trusted organizations, including @microsoft/teams.ai, @anthropic-ai/sdk, and @azure/identity.- [SAFE]: Code examples follow security best practices for secret management by utilizing environment variables (process.env) and suggesting the use of .env files for local configuration.- [SAFE]: The deployment documentation and infrastructure-as-code snippets (Docker, az CLI) align with standard industry practices and official vendor recommendations.- [PROMPT_INJECTION]: The skill's primary purpose is to build agents that process untrusted user input and interact with sensitive services, creating a surface for indirect prompt injection.
- Ingestion points: External user input is ingested via context.activity.text in src/claude-bot.ts and src/claude-agent.ts.
- Boundary markers: The templates provide basic structural markers in prompts (e.g., User: {{$input}} in skprompt.txt) but do not include explicit instructions to ignore embedded commands.
- Capability inventory: The code snippets in src/graph/operations.ts and src/claude-agent.ts provide the ability to send emails, create meetings, and manage tasks.
- Sanitization: There is no evidence of input validation or content filtering demonstrated in the example code to mitigate prompt-based attacks.
Audit Metadata