workiq-copilot
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill references the installation of @microsoft/workiq via npm. Because Microsoft is a trusted organization, this is a low-risk dependency.
- COMMAND_EXECUTION (LOW): The skill wraps the workiq CLI, passing user questions to the tool. This is the intended purpose of the skill and uses a trusted binary.
- PROMPT_INJECTION (LOW): Category 8 (Indirect Prompt Injection): The skill processes untrusted external data from Microsoft 365 sources like emails and Teams messages. Evidence:
  1. Ingestion points: workiq ask queries live M365 data (file: SKILL.md).
  2. Boundary markers: Absent; there are no specific instructions to ignore malicious commands embedded in retrieved text.
  3. Capability inventory: Ability to run workiq CLI commands and summarize data.
  4. Sanitization: Absent; the skill passes content directly to the LLM for summarization.