m365-agents-ts
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references and installs packages from the `@microsoft` and `ai` (Vercel) scopes. Both 'microsoft' and 'vercel' are designated as Trusted Organizations.
- [DATA_EXFILTRATION] (SAFE): While the skill defines environment variables for sensitive keys (Azure OpenAI, Client Secrets), it uses safe placeholders (e.g., `<azure-openai-key>`) and correctly instructs users to load these from secure environment stores rather than hardcoding values.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The agent ingests user input through `agent.onMessage`. However, the capabilities are limited to sending text activities and streaming responses back to the user. No high-risk capabilities like filesystem access or arbitrary command execution are exposed to the input.
  - Ingestion points: `context.activity.text` inside `agent.onMessage` (SKILL.md).
  - Boundary markers: None explicitly used in snippets, but instructions are static templates.
  - Capability inventory: `context.sendActivity`, `context.streamingResponse` (SKILL.md).
  - Sanitization: Standard SDK handling; no manual sanitization shown in basic samples.
- [COMMAND_EXECUTION] (SAFE): No unauthorized or dangerous system commands were detected. The use of `npm install` for trusted packages is standard and expected for this skill type.
Audit Metadata