auditing-azure-active-directory-configuration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's runtime directly fetches and parses tenant data from Microsoft Graph (e.g., scripts/agent.py and SKILL.md call https://graph.microsoft.com endpoints to retrieve /users, /identity/conditionalAccess/policies, /auditLogs/signIns, etc.), which includes user-generated/untrusted fields (displayName, policy names, sign-in data) that the agent reads and uses to drive audit findings and recommendations, creating a pathway for indirect prompt-injection via crafted tenant content.