skills/rysweet/amplihack/work-iq/Gen Agent Trust Hub

work-iq

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and executes the official @microsoft/workiq package from the NPM registry via npx. This is a trusted resource provided by Microsoft.
  • [COMMAND_EXECUTION]: The skill invokes npx and npm to run the Work IQ CLI and MCP server for Microsoft 365 integration.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external M365 sources that may contain malicious instructions meant to manipulate the agent's behavior.
      • Ingestion points: Content is retrieved from M365 emails, Teams messages, and documents as described in SKILL.md and examples.md.
      • Boundary markers: The skill does not implement delimiters or specific instructions to the agent to ignore or isolate instructions found within the retrieved data.
      • Capability inventory: The skill is configured to execute shell commands (npx, npm), which represents a significant capability if an injection attack is successful.
      • Sanitization: There is no evidence of sanitization or filtering applied to the M365 data before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 03:25 PM