agent-teams

SUSPICIOUS. The skill's Teams capabilities largely match its stated purpose and the npm install path appears official, but its authentication model relies on silent extraction of Teams tokens from local desktop/browser stores and it enables autonomous messaging, deletion, reactions, and file uploads without clear per-action approval. This is high-impact agent functionality with meaningful credential and action risk, though not clear evidence of malware or third-party credential exfiltration.