microsoft-skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill processes data from external URLs via
microsoft_docs_fetchandmicrosoft_docs_search. While this creates an ingestion surface, the risk is mitigated by the use of trusted Microsoft Learn domains. Ingestion points: Official documentation retrieved by MCP tools. Boundary markers: Absent in generated templates. Capability inventory: Generation of code snippets and CLI commands. Sanitization: Absent, relying on the source's integrity. - External Downloads (SAFE): The skill references documentation and code from
microsoft.comandlearn.microsoft.com. According to the [TRUST-SCOPE-RULE], references to these trusted organizations are downgraded to safe. - Dynamic Execution (SAFE): The skill generates code templates and shell commands as part of its output. This behavior is consistent with its stated purpose of skill creation and does not involve the direct execution of untrusted logic by the skill itself.
Audit Metadata