The Agent Skills Directory

Prompt Injection (SAFE): No instructions attempting to bypass safety filters or override system prompts were found. The orchestration protocol focuses on legitimate API interaction patterns.
Data Exposure & Exfiltration (SAFE): The test-connection.py script handles credentials via environment variables or user input. No hardcoded secrets were detected. Network operations are limited to official Microsoft endpoints (login.microsoftonline.com and graph.microsoft.com).
Unverifiable Dependencies (SAFE): The skill references standard, reputable libraries such as msal and requests. No suspicious external scripts or unverified packages are downloaded or executed.
Indirect Prompt Injection (LOW): The skill is designed to process data from Microsoft Graph API (e.g., user profiles, mail, messages). While this data is externally sourced, the skill does not grant elevated privileges that would facilitate a high-impact attack via indirect injection.
Dynamic Execution (SAFE): No use of eval(), exec(), or runtime code generation was detected in the provided scripts.

microsoft-graph