m365-agent-scaffolder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill executes shell commands that incorporate user-provided input, creating a command injection vulnerability. * Ingestion points: User-provided variable in SKILL.md Step 2. * Capability inventory: Shell execution via npx, directory modification via mv, and directory deletion via rmdir in Step 3. * Boundary markers: None present. * Sanitization: Relies on natural language instructions for the agent to validate input, which is insufficient to prevent adversarial injection.
- EXTERNAL_DOWNLOADS (LOW): The skill downloads and executes a remote package via npx from a trusted source. * Evidence: npx -p @microsoft/m365agentstoolkit-cli@latest in SKILL.md. * [TRUST-SCOPE-RULE]: The source is the microsoft organization, which is a verified trusted source.
Recommendations
- AI detected serious security threats
Audit Metadata