m365-admin
Audited by Socket on Feb 24, 2026
1 alert found:
Obfuscated File
[Skill Scanner] Skill instructions include directives to hide actions from user
The artifact is a high-privilege Microsoft 365 administration skill description that is benign in intent but carries substantial operational risk if implemented insecurely. No explicit malicious code is present in the provided text, but the combination of read access to local configuration, write/execute privileges, and powerful Graph/PowerShell capabilities could be abused to exfiltrate credentials or modify tenant resources if scripts or hosts are compromised. Validate the actual implementation files (create_m365_users.ts, configure_teams.ts, setup_exchange.ts) for hard-coded secrets, unverified remote downloads, arbitrary execs, and add enforcement controls: managed identities, Key Vault, least-privilege roles, code signing, and approval gates for high-impact operations.
LLM verification: The skill's stated purpose (M365 administration) aligns with the capabilities described (PowerShell/Graph automation). However, it requires high privileges and enables remote/tenant modifications and shell execution. The static scanner flag about hiding actions is a governance red flag. No explicit supply-chain downloads or obfuscated code were provided, so there is no confirmed malware. Recommended: treat this skill as medium-risk — enforce vault-based credential storage, RBAC and approval gate