skills/ianphil/my-skills/workiq/Gen Agent Trust Hub

workiq

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute global installation commands (npm install -g @microsoft/workiq) and interact with a command-line interface (workiq).
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the Work IQ package from Microsoft's official npm scope.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from Microsoft 365, which can be used for indirect prompt injection attacks.
      • Ingestion points: Untrusted data enters the agent context via the workiq ask command when querying emails, Teams messages, and documents as described in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill prompts to prevent the agent from following instructions found within the data.
      • Capability inventory: The skill provides access to the workiq CLI tool and assumes standard environment capabilities.
      • Sanitization: There is no evidence of sanitization, validation, or filtering of the retrieved content before it is presented to the AI.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 03:29 AM