Trust Assessment
microsoft-teams received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Command Injection via unsanitized curl arguments, Prompt Injection vector against Microsoft Teams, Potential for excessive permissions with Graph API token.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Command Injection via unsanitized curl arguments.** The skill demonstrates direct execution of `curl` commands. If parameters like `{team-id}`, `{channel-id}`, or parts of the JSON payload (`-d` argument) are populated directly from untrusted user input without proper sanitization, an attacker could inject arbitrary shell commands or manipulate the `curl` command's behavior, leading to command injection. Implement robust input validation and sanitization for all user-provided parameters used in shell commands. Prefer using dedicated API clients or libraries that handle parameter escaping over direct shell command execution. | LLM | SKILL.md:38 |
| MEDIUM | **Prompt Injection vector against Microsoft Teams.** The skill demonstrates sending messages and adaptive cards to Microsoft Teams. If the content of these messages (e.g., the `text` field in webhooks, `content` in Graph API messages, `subject` in meeting creation) is directly populated from untrusted user input without sanitization, it could lead to prompt injection against the Microsoft Teams platform, potentially manipulating other bots or users within Teams. Sanitize all user-provided input before including it in messages sent to external platforms. Consider using templating engines with auto-escaping or explicit content filtering to prevent malicious content from being interpreted as commands or instructions by downstream systems. | LLM | SKILL.md:41 |
| INFO | **Potential for excessive permissions with Graph API token.** The skill demonstrates using the Microsoft Graph API with an access token for 'Full Access' capabilities (e.g., listing teams, channels, sending messages, creating meetings). While the skill itself doesn't define the token's scope, it encourages the use of a token that may have broad permissions. If the `TEAMS_ACCESS_TOKEN` is configured with excessive permissions, a compromise of the skill could lead to a wider impact on the Microsoft Teams environment. When configuring the `TEAMS_ACCESS_TOKEN`, adhere to the principle of least privilege. Grant only the minimum necessary permissions required for the skill's intended functionality. Regularly review and audit token scopes to ensure they are not overly permissive. | LLM | SKILL.md:28 |