microsoft-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions to override agent behavior or bypass safety filters were found.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or access to sensitive local file paths (like SSH keys or AWS configs) were detected.
- External Downloads (SAFE): The skill references an official Microsoft API endpoint (learn.microsoft.com). Per the [TRUST-SCOPE-RULE], Microsoft is a trusted organization, and this reference is considered safe.
- Indirect Prompt Injection (LOW): This skill has an ingestion surface through the
microsoft_docs_fetchtool which retrieves content from an external source. - Ingestion points: External documentation pages from learn.microsoft.com.
- Boundary markers: None explicitly defined in the skill definition.
- Capability inventory: Limited to searching and fetching documentation content.
- Sanitization: Not visible in the markdown definition.
- Assessment: While any tool fetching external data has a surface for indirect prompt injection, the source is a trusted official documentation portal, making the risk negligible.
Audit Metadata