microsoft-teams-automation
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- External Resource Dependency (MEDIUM): The skill requires the use of an external MCP server at https://rube.app/mcp. This domain is not a trusted source, and connecting it to a Microsoft Teams environment allows an unverified third party to process and potentially store sensitive communication data.
- Indirect Prompt Injection (LOW): The skill creates a vulnerability surface by reading untrusted content from Teams messages that could contain malicious instructions. (1) Ingestion points: MICROSOFT_TEAMS_SEARCH_MESSAGES and MICROSOFT_TEAMS_GET_CHAT_MESSAGE in SKILL.md. (2) Boundary markers: Absent; the instructions do not provide delimiters or warnings to ignore instructions embedded in message data. (3) Capability inventory: The skill has high-impact tools like MICROSOFT_TEAMS_TEAMS_POST_CHANNEL_MESSAGE and MICROSOFT_TEAMS_ADD_MEMBER_TO_TEAM. (4) Sanitization: Absent; there is no logic provided to filter or escape the retrieved data before the agent processes it.
Audit Metadata