microsoft-teams-automation
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to connect to an external MCP server located at
https://rube.app/mcp. This third-party endpoint provides the necessary tools for Microsoft Teams automation and represents a remote dependency outside of the trusted vendor list.\n- [PROMPT_INJECTION]: The skill provides a significant surface for indirect prompt injection as it processes untrusted data from an external environment.\n - Ingestion points: Untrusted data enters the agent context via tools like
MICROSOFT_TEAMS_SEARCH_MESSAGESandMICROSOFT_TEAMS_GET_CHAT_MESSAGEas defined inSKILL.md.\n - Boundary markers: The skill body contains no specific boundary markers or instructions (e.g., delimiters or 'ignore' commands) to prevent the agent from executing instructions embedded within retrieved messages.\n
- Capability inventory: The skill has extensive capabilities including posting channel messages (
MICROSOFT_TEAMS_TEAMS_POST_CHANNEL_MESSAGE), creating chats (MICROSOFT_TEAMS_TEAMS_CREATE_CHAT), adding members to teams (MICROSOFT_TEAMS_ADD_MEMBER_TO_TEAM), and creating meetings (MICROSOFT_TEAMS_CREATE_MEETING).\n - Sanitization: There is no mention or implementation of sanitization, validation, or escaping of the external content before it is interpolated into the agent's workflow.
Audit Metadata