m365-agents-py
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill architecture contains a vulnerability surface for indirect prompt injection where untrusted user input is processed by the agent.
  - Ingestion points: User input is received through the `on_message` and `on_poem_message` handlers via `context.activity.text` in `SKILL.md`.
  - Boundary markers: The provided code samples do not implement delimiters or 'ignore' instructions to isolate user-provided text from system prompts.
  - Capability inventory: The agent has permissions to send messages, call the Microsoft Graph API with OAuth tokens, and interact with Azure OpenAI services.
  - Sanitization: There is no evidence of input validation or sanitization before processing the message content.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of official Microsoft 365 Agents SDK packages from PyPI, such as `microsoft-agents-hosting-core` and `microsoft-agents-activity`, which are reputable sources.
Audit Metadata