teams-dev
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- Secure Secret Management: The skill utilizes the Teams CLI to handle bot credentials, recommending their storage in local environment files like .env or appsettings.json. This aligns with standard security practices for managing secrets in local development environments.
- Official Tooling and APIs: All management operations are conducted through the Microsoft Teams CLI and Azure CLI, communicating with official Microsoft services such as the Bot Framework and Microsoft Graph.
- Authenticated Documentation: References for SDKs and implementation guides are hosted on official Microsoft domains, ensuring that the instructions provided are from a trusted source.
- Verified Update Mechanism: The skill supports maintaining the Teams CLI through an internal update command, which is a common and expected feature for developer tools to ensure access to the latest security updates.
- Structured Infrastructure Deployment: The guides for bot migration and SSO setup utilize authenticated Azure CLI commands to configure application permissions and OAuth settings securely within the user's tenant.
- Minimal Dynamic Execution: A simple Python command is used to generate a unique identifier (UUID) for SSO configuration. This is a standard utility operation and does not involve external or untrusted data processing.
Audit Metadata