microsoft
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- Local Development Emulator: The skill is designed to run a local mock service for Microsoft Entra ID (Azure AD) using the 'emulate' tool. This is a standard practice for development environments to avoid reliance on live APIs and to prevent accidental data exposure during testing.
- Mock Credential Usage: The provided configuration examples use clearly identified placeholder credentials (e.g., 'example-client-id', 'example-client-secret') intended for local use, following security best practices for documentation.
- Restricted Tool Access: The skill's configuration limits the agent's execution environment to specific commands related to the emulator and basic networking ('curl'), which minimizes the potential attack surface.
- Standard Authentication Patterns: Implementation details for OAuth 2.0 and OpenID Connect (including PKCE) follow industry-standard security protocols and are provided as educational examples for developers.
Audit Metadata