m365
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the CLI for Microsoft 365 (@pnp/cli-microsoft365) from the NPM registry. This is a well-known community tool for Microsoft 365 management.
- [COMMAND_EXECUTION]: Uses the m365 command-line utility to perform operations like listing emails, sending messages, and managing calendar events via the Microsoft Graph API.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from email messages and calendar entries.
  1. Ingestion points: Email subjects, bodies, and calendar event details are retrieved in SKILL.md.
  2. Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the prompts.
  3. Capability inventory: The skill has the capability to execute shell commands (m365), perform network requests (m365 request), and write to the file system (e.g., /tmp/m365_event.json).
  4. Sanitization: There is no evidence of sanitization or filtering of the retrieved content before it is processed by the agent.
- [CREDENTIALS_UNSAFE]: The authentication process described in setup.md involves passing a Client Secret as a command-line argument (--secret). While the secret is provided by the user and not hardcoded, secrets passed via CLI flags can sometimes be captured in shell history or process monitoring tools.
Audit Metadata