Skills
skills/borghei/claude-skills/ms365-tenant-manager/Gen Agent Trust Hub

ms365-tenant-manager

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically generates PowerShell scripts for tenant management. While it includes safety recommendations like using -WhatIf, the generation process involves building executable code from user-provided inputs.
  • [PROMPT_INJECTION]: Vulnerability to indirect prompt injection is present due to lack of input sanitization. • Ingestion points: Input parameters and CSV data in user_management.py, powershell_generator.py, and tenant_setup.py. • Boundary markers: No escaping is performed on interpolated strings. • Capability inventory: Scripts manage security policies, users, and licenses with high-level permissions. • Sanitization: Absent.
  • [EXTERNAL_DOWNLOADS]: References official Microsoft modules for Graph, Exchange, and Teams, which are trusted administrative resources.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 03:47 PM