The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses curl and jq to perform API requests and process data. These are standard tools for interacting with web services via shell scripts.- [EXTERNAL_DOWNLOADS]: The skill communicates with graph.microsoft.com. This is the official endpoint for Microsoft Graph services and is recognized as a well-known, trusted service.- [CREDENTIALS_UNSAFE]: The skill requires the MS_GRAPH_TOKEN environment variable for authentication. This is the recommended approach for providing access tokens to agents without hardcoding credentials into the source code.- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes data from external sources.- Ingestion points: Data returned from Microsoft Graph API calls, such as email subjects, message bodies, and file names.- Boundary markers: No specific delimiters or boundary instructions are used to separate API data from agent instructions.- Capability inventory: The skill can send emails, post Teams messages, and upload files to OneDrive based on processed data.- Sanitization: No explicit sanitization or validation of the API response content is performed before the agent processes it.

microsoft-graph