outlook
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill implements Microsoft Graph API access through a managed OAuth gateway.
- [COMMAND_EXECUTION]: Includes Python examples that use the
urllib.requestmodule to interact with the API gateway. These are standard functional examples for an AI agent. - [EXTERNAL_DOWNLOADS]: Communicates with
maton.ai,connect.maton.ai, andctrl.maton.aifor API proxying and session management. These domains are consistent with the vendor's infrastructure as described in the skill metadata. - [DATA_EXFILTRATION]: Authentication is handled securely via the
MATON_API_KEYenvironment variable. Data is only transmitted to the designated service provider for the purpose of fulfilling API requests. - [INDIRECT_PROMPT_INJECTION]: The skill processes external data (emails, calendar events, contacts) which acts as an entry point for potential third-party instructions.
- Ingestion points: Email bodies and calendar event descriptions fetched from
gateway.maton.ai/outlook/. - Boundary markers: None; external content is passed directly into the agent's context without delimiters.
- Capability inventory: Python network requests and file management capabilities inherent to the agent's environment.
- Sanitization: No explicit sanitization or filtering of email content is performed before processing.
Audit Metadata