microsoft-teams-automation
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to connect to a remote MCP server at https://rube.app/mcp to access automation tools. This introduces a dependency on an external service for the agent's operational logic.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: Content is retrieved from untrusted sources within Microsoft Teams via MICROSOFT_TEAMS_SEARCH_MESSAGES and MICROSOFT_TEAMS_GET_CHAT_MESSAGE in SKILL.md. Boundary markers: The instructions do not define delimiters to separate user data from agent instructions. Capability inventory: The agent can execute sensitive tools including MICROSOFT_TEAMS_TEAMS_POST_CHANNEL_MESSAGE and MICROSOFT_TEAMS_ADD_MEMBER_TO_TEAM. Sanitization: There is no requirement for validating or cleaning data obtained from Teams before processing.
Audit Metadata