m365-agents-ts
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [Environment Variable Management]: The skill correctly instructs developers to use environment variables for sensitive credentials like
AZURE_API_KEYandCLIENT_SECRET, rather than hardcoding them in source code. This aligns with standard security best practices for credential management. - [Trusted Dependencies]: All referenced packages and documentation links originate from official Microsoft repositories and domains. The use of the
@microsoftscope on npm ensures that the libraries are verified vendor resources. - [Indirect Prompt Injection Surface]: Like all messaging agents, the skill includes patterns for processing user input (e.g.,
agent.onMessage). While this represents a standard input surface, the skill includes a 'Best Practices' section recommending the validation of payloads before processing, which helps mitigate risks associated with untrusted data. - [Input Handling]: The examples demonstrate how to handle various activity types and streaming responses using structured SDK methods, which reduces the risk of common implementation errors that could lead to vulnerabilities.
Audit Metadata