msgraph-teams
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the '@anthropic-ai/microsoft-graph-mcp' package using npx. This package is provided by a trusted organization and is used for its intended purpose of interfacing with Microsoft Graph.
- [COMMAND_EXECUTION]: The skill executes shell commands to invoke the MCP server through a Python wrapper and npx. This is the primary mechanism for the skill's functionality and does not involve unauthorized privilege escalation.
- [CREDENTIALS_UNSAFE]: The skill correctly uses environment variables (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET) for authentication instead of hardcoding secrets.
- [PROMPT_INJECTION]: The skill includes a potential surface for indirect prompt injection as it processes and reads messages from external Teams channels.
- Ingestion points: Messages are ingested via the 'graph_list_channel_messages' operation.
- Boundary markers: No explicit delimiters are defined for the processed content.
- Capability inventory: The skill can send messages and reply to threads using 'graph_send_channel_message' and 'graph_reply_to_message'.
- Sanitization: No explicit sanitization or validation of the channel content is performed within the skill definition.
Audit Metadata