microsoft-teams-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill configuration requires connecting to a remote MCP server (https://rube.app/mcp). Since this domain is not on the trusted sources list, the security and privacy of the tool execution rely entirely on an unverified third-party provider.
- [PROMPT_INJECTION] (LOW): This skill exhibits an Indirect Prompt Injection surface. Evidence Chain: 1. Ingestion points: Untrusted message content is retrieved via MICROSOFT_TEAMS_SEARCH_MESSAGES and MICROSOFT_TEAMS_GET_CHAT_MESSAGE. 2. Boundary markers: Absent; there are no instructions to ignore commands found within the retrieved data. 3. Capability inventory: The skill has extensive write permissions, including posting messages and creating meetings. 4. Sanitization: No sanitization or validation of the retrieved message content is performed before processing.
Audit Metadata