Microsoft Teams Automation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, hardcoded secrets, or unauthorized network operations were detected. The skill consists of YAML-based configurations for standard Microsoft Teams operations.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing untrusted external data.
- Ingestion points: External data enters through 'Message content', 'Webhook payloads', and 'Channel configurations' in SKILL.md.
- Boundary markers: Absent; the templates use standard double-curly brace interpolation (e.g., {{message}}) without explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill can perform channel messaging, meeting scheduling, and webhook execution via the 'microsoft-mcp' server.
- Sanitization: No sanitization or validation logic is defined in the provided configuration to filter potentially malicious instructions within processed strings.
Audit Metadata