ms-onedrive-personal-graph
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSNO_CODEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of several local shell scripts (
onedrive-setup.sh,onedrive-cli.sh,onedrive-token.sh) to perform setup, authentication, and file operations. - [EXTERNAL_DOWNLOADS]: Communicates with the Microsoft Graph API (
graph.microsoft.com) for OAuth 2.0 authentication and file management tasks, which is an interaction with a well-known service. - [NO_CODE]: The core logic of the skill is implemented in external scripts referenced in the documentation that are not provided within the analyzed file.
- [DATA_EXFILTRATION]: Accesses and stores sensitive OAuth credentials in the local file path
~/.onedrive-mcp/credentials.json, which is identified as a sensitive file path containing credentials. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its ability to ingest untrusted data from an external source.
- Ingestion points: Files and metadata retrieved from OneDrive via the
download,ls, andinfocommands. - Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore embedded commands in processed files.
- Capability inventory: The skill has access to powerful system tools including
bash,curl, andpython3for command and network execution. - Sanitization: There is no mention of sanitization, filtering, or validation of the content downloaded from the remote service before it is processed by the agent.
Audit Metadata