microsoft-365-message-center-archive
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill connects to the author's own domain (mc.merill.net) to fetch information about Microsoft 365 updates. This behavior is documented and aligns with the skill's purpose as a reference tool.
- [DATA_EXPOSURE]: No patterns of sensitive file access or hardcoded credentials were found. The skill does not attempt to exfiltrate local environment data; network operations are limited to retrieving search indexes and announcement content.
- [PROMPT_INJECTION]: The skill consumes external data from mc.merill.net/llms.txt and mc.merill.net/messages-index.json. This presents a surface for indirect prompt injection if the remote files contain malicious instructions. However, this ingestion is necessary for the skill's search functionality, and the sources are the author's own infrastructure.
- Ingestion points: SKILL.md (mc.merill.net/llms.txt, mc.merill.net/messages-index.json)
- Boundary markers: None present
- Capability inventory: The skill has network-read capabilities and can search local or remote content
- Sanitization: None mentioned
Audit Metadata