onenote-debug-bundle
Generates diagnostic bundles for OneNote Graph API issues, aiding in troubleshooting and support ticket filing.
Install this skill
Security score
The onenote-debug-bundle skill was audited on May 21, 2026 and we found 13 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 108 | const expiresIn = isExpired ? `Expired ${diff}s ago` : `${Math.floor(diff / 60)}m remaining`; |
Template literal with variable interpolation in command context
| 192 | if (missing.length > 0) console.error(`Missing scopes: ${missing.join(", ")}`); |
Template literal with variable interpolation in command context
| 193 | if (isExpired) console.error(`Token expired: ${expiresIn}`); |
Template literal with variable interpolation in command context
| 200 | failures.forEach((f) => console.error(`[${f.requestId}] ${f.method} ${f.url} -> ${f.status}`)); |
Template literal with variable interpolation in command context
| 234 | writeFileSync(`onenote-debug-${Date.now()}.json`, JSON.stringify(bundle, null, 2)); |
Access to .env file
| 240 | const t = process.env.GRAPH_TOKEN; |
Base64 decode operation
| 158 | bundle["token_claims"] = json.loads(base64.urlsafe_b64decode(parts[1] + "==")) |
Buffer.from base64 decode
| 99 | return JSON.parse(Buffer.from(padded, "base64").toString("utf-8")); |
External URL reference
| 134 | url = f"https://graph.microsoft.com/v1.0{endpoint}" |
External URL reference
| 216 | | JWT decode fails | Token is opaque (v1) | Graph tokens should be v2 JWT; check `aud` matches `https://graph.microsoft.com` | |
External URL reference
| 248 | - [OneNote API Overview](https://learn.microsoft.com/en-us/graph/api/resources/onenote-api-overview) |
External URL reference
| 249 | - [OneNote Error Codes](https://learn.microsoft.com/en-us/graph/onenote-error-codes) |
External URL reference
| 250 | - [Graph API Known Issues](https://learn.microsoft.com/en-us/graph/known-issues) |