microsoft-code-reference
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill references an external MCP server at 'https://learn.microsoft.com/api/mcp'. Per the trusted source rule, this reference is classified as LOW severity because it belongs to the official Microsoft domain.
- [PROMPT_INJECTION] (LOW): The skill possesses a Category 8 (Indirect Prompt Injection) attack surface. It ingests untrusted external content via the 'microsoft_docs_fetch' and 'microsoft_code_sample_search' tools. While there are no explicit boundary markers or sanitization steps mentioned, the severity is rated as LOW because the skill's capabilities are restricted to information retrieval and internal reasoning, with no file-write, network-send, or code execution permissions.
Audit Metadata