Skills
skills/the-focus-ai/microsoft-skill/microsoft-outlook/Gen Agent Trust Hub

microsoft-outlook

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes child_process.spawn and execSync for system-level operations. Specifically, it executes platform-specific commands (open, start, xdg-open) to launch a web browser for OAuth authentication and invokes the 1Password CLI (op) to retrieve stored API credentials. These operations use hardcoded or limited user input, reducing risk of injection.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (IPI) because it ingests untrusted data from external emails via the Microsoft Graph API. Maliciously crafted emails could contain instructions designed to manipulate the agent's logic when it processes the resulting JSON output.
  • Ingestion points: scripts/microsoft.ts via the listMessages and downloadMessage functions, which fetch data from https://graph.microsoft.com/v1.0/me/messages.
  • Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions when presenting email content to the agent.
  • Capability inventory: The skill has capabilities to perform network requests to the Microsoft Graph API and write files to the local file system (specifically .eml files to a downloads directory).
  • Sanitization: While the skill sanitizes email subjects for use in filenames, the message content itself is returned to the agent without escaping or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 03:39 PM