m365-agents-dotnet
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install official Microsoft SDK packages including Microsoft.Agents.Hosting.AspNetCore, Microsoft.Agents.Authentication.Msal, and Microsoft.Agents.Storage via the .NET NuGet package manager.
- [PROMPT_INJECTION]: The
OnMessageAsyncmethod in theMyAgentclass processes user-supplied text fromturnContext.Activity.Text. While this creates an ingestion point for external data, the example code safely echoes the input and does not pass it to an exploitable execution sink within the skill itself. - [SAFE]: The skill follows security best practices by utilizing the Microsoft Authentication Library (MSAL) for identity management and recommending the use of secure configuration providers like Azure Key Vault for production secrets instead of hardcoding values.
Audit Metadata