TeamsMigration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated Teams chat messages (Workflows/MigrateChat.md — Step 4 calls mcp__teams-mcp__get_chat_messages) and then parses and uses that content to decide filtering and to construct/post messages via Tools/MigrateChat.mjs (reads messages JSON and posts to Graph API), so untrusted chat content can materially influence tool actions and workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs running remote code at runtime via the npm package invocation "npx @floriscornel/teams-mcp@latest authenticate" (fetches and executes the @floriscornel/teams-mcp package), which the workflow depends on for MCP authentication and operation.