m365-agents-py
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes official Microsoft 365 Agents SDK packages (e.g., microsoft-agents-hosting-core) hosted on PyPI and references the official Microsoft GitHub repository. These are verified sources for agent development.
- [COMMAND_EXECUTION]: The skill provides standard installation instructions using pip and scripts for initializing an aiohttp server, which are appropriate for its purpose.
- [DATA_EXFILTRATION]: Code examples demonstrate interaction with Microsoft Graph and Azure OpenAI APIs. Security is maintained by using environment variables for credentials such as CLIENTSECRET and AZURE_OPENAI_API_KEY, ensuring no secrets are hardcoded in the skill code.
- [PROMPT_INJECTION]: The skill identifies ingestion points for user input via context.activity.text. This data is handled according to the SDK's standard routing patterns, and the skill implements appropriate middleware (jwt_authorization_middleware) to secure the agent's hosting environment.
Audit Metadata