teams-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill utilizes official Microsoft libraries (azure-identity, msgraph-sdk, botbuilder-core) and standard Python utilities (aiohttp, requests). Under [TRUST-SCOPE-RULE], these are considered safe as they originate from trusted organizations and established registries.
- [CREDENTIALS_UNSAFE] (SAFE): The documentation correctly guides users to manage sensitive information like Client Secrets and App Passwords through environment variables. No actual credentials are hardcoded; placeholders are used throughout the examples.
- [DATA_EXFILTRATION] (SAFE): Network requests are directed to legitimate Microsoft service endpoints (Graph API and Outlook webhooks) consistent with the skill's primary purpose. No suspicious data exfiltration patterns were detected.
- [INDIRECT_PROMPT_INJECTION] (LOW): This skill defines surfaces for processing external data (e.g., bot message handlers and webhooks). While standard LLM guardrails are required when handling user-provided text to these APIs, the skill itself does not introduce unique vulnerabilities.
  - Ingestion points: bot on_message_activity handler and incoming webhook payloads.
  - Boundary markers: Not specified in the documentation snippets.
  - Capability inventory: Network POST requests and Microsoft Graph API interactions for messaging.
  - Sanitization: Not explicitly shown in the provided code templates.
Audit Metadata