ms365-tenant-manager
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONNO_CODE
Full Analysis
- Category 8: Indirect Prompt Injection (LOW): The skill defines a workflow where untrusted data (CSV files) is processed to generate high-privilege PowerShell scripts.
- Ingestion points:
scripts/user_management.pyandscripts/powershell_generator.pytake--csvinputs and user-defined--policy-namestrings. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are documented in the prompt templates.
- Capability inventory: The resulting scripts are executed with Global Administrator or Security Administrator privileges, capable of modifying all tenant configurations.
- Sanitization: Implementation details are missing as the Python logic scripts were not included in the bundle, making it impossible to verify if input is escaped.
- Category 10: Dynamic Execution (LOW): The skill's primary function is generating PowerShell code at runtime based on user templates. While this is the intended purpose, it creates a potential execution vector for the agent.
- No Code (NO_CODE): The documentation references three Python scripts (
powershell_generator.py,user_management.py, andtenant_setup.py) that are not present in the provided files. The analysis is limited to the markdown templates and metadata. - Category 4: External Downloads (SAFE): The skill references official Microsoft modules (
Microsoft.Graph,ExchangeOnlineManagement). These are from a trusted source (Microsoft) and are standard for the stated task.
Audit Metadata