microsoft-teams
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard, well-documented patterns for Microsoft Teams integration via Webhooks, Microsoft Graph API, and the Bot Framework SDK.
- [EXTERNAL_DOWNLOADS]: The skill utilizes official and well-known Node.js packages including
@azure/identity,@microsoft/microsoft-graph-client, andbotbuilder. These are maintained by Microsoft and are considered trusted dependencies for this use case. - [CREDENTIALS_UNSAFE]: The provided code examples correctly demonstrate the use of environment variables (e.g.,
process.env.AZURE_CLIENT_SECRET,process.env.MICROSOFT_APP_PASSWORD) to manage sensitive credentials, avoiding hardcoded secrets. - [COMMAND_EXECUTION]: No suspicious command execution or shell injection vulnerabilities were found. The use of an Express server to host the bot is a standard architectural pattern for this integration.
Audit Metadata