ms-customer-stories
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION] (LOW): The scripts
search_stories.pyandfetch_story.pyperform network requests to non-whitelisted domains (microsoft.com). Additionally,fetch_story.pyaccepts arbitrary URLs, which can be used to probe internal or external resources (SSRF surface). - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests and processes content from external web pages.
- Ingestion points:
scripts/fetch_story.py(Line 67) fetches arbitrary content based on user or search-provided input. - Boundary markers: No specific delimiters or safety warnings are used to encapsulate the fetched content before passing it back to the agent.
- Capability inventory: The skill is limited to network requests and text parsing; it does not possess dangerous capabilities like direct file-system writing or system command execution.
- Sanitization: The skill uses regular expressions to strip HTML tags from the fetched content, providing basic text extraction but no semantic sanitization.
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the
requestsPython library. While a standard and reputable package, it must be installed from an external repository (PyPI).
Audit Metadata