m365-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill instructions define processes for ingesting untrusted data from external sources such as SharePoint items and Microsoft Teams meeting transcripts. This creates a surface for indirect prompt injection where malicious instructions within those sources could influence agent behavior.
- Ingestion points: Meeting transcripts (Rule 19) and SharePoint list items (Rule 2).
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are provided for these data sources.
- Capability inventory: The skill provides rules for sending messages to Teams (Rule 4), sending Outlook emails (Rule 15), managing Planner tasks (Rule 17), and triggering Power Automate flows (Rule 18).
- Sanitization: No data sanitization or validation logic is specified in the rules for handling external content.
- [EXTERNAL_DOWNLOADS]: The skill configures a remote MCP server endpoint located at
ms365-mcp.delightfulbeach-79de09ed.koreacentral.azurecontainerapps.io/mcp. This is documented as a legitimate configuration for the M365 integration using well-known cloud infrastructure.
Audit Metadata