# Audit SharePoint Permissions Locally SharePoint permissions are hard to review across sites and batches without repeatable tooling. This skill guides local collection, execution, and report review for SharePoint Online audits. ## Install ```bash npx skillstore add aqualia/sharepoint-audit ``` ## Metadata - - Slug: aqualia-sharepoint-audit - - Version: 1.0.0 - - Author: Aqualia - - GitHub username: Aqualia - - License: MIT - - Repository: https://github.com/Aqualia/Skills-Library/tree/main/sharepoint-audit-agent/wrappers/claude-skill - - Ref: main - - Supported tools: Claude, Codex, Claude Code - - Risk level: medium - - Risk factors: external\_commands - - Quality score: 50 - - Quality tier: warning - - Public page: https://skillstore.pages.dev/skills/aqualia-sharepoint-audit - - Manifest: https://skillstore.pages.dev/api/skills/aqualia-sharepoint-audit/manifest ## Capabilities - Collects required SharePoint audit inputs before execution. - Checks that PowerShell, Python, and PnP.PowerShell are available locally. - Runs the local module installation and audit agent commands when authorized. - Supports one site URL or a CSV-defined batch audit workflow. - Directs users to generated Markdown or HTML report output. - Reminds users that generated audit reports contain sensitive data. ## Use Cases - Review One SharePoint Site: Audit permissions for a single SharePoint Online site and open the generated local report. - Run Batch Access Reviews: Use a CSV-defined site list to support repeatable SharePoint permission reviews across multiple locations. - Prepare Compliance Evidence: Generate local Markdown or HTML evidence for SharePoint access review activities. ## Prompt Templates ### Start a Single Site Audit ``` Help me audit permissions for one SharePoint Online site. Ask me for the required tenant, application, certificate, domain, and site details first. ``` ### Check Local Prerequisites ``` Check whether my local environment is ready for the SharePoint audit workflow, including PowerShell, Python, PnP.PowerShell, and required inputs. ``` ### Run a CSV Batch Audit ``` Guide me through a batch SharePoint permissions audit using my CSV file, and confirm each command before execution. ``` ### Review Generated Audit Outputs ``` Find the generated SharePoint audit reports, summarize where they are stored, and remind me how to handle sensitive report files. ``` ## Limitations - Requires local PowerShell 7.4 or newer and Python 3.10 or newer. - Requires certificate authentication details and a PFX password environment variable. - Depends on the external audit agent files being present in the expected repository path. - Does not analyze report contents beyond locating generated output. ## Best Practices - Run the workflow only from a trusted local repository checkout. - Store the PFX password in the environment and never paste it into chat. - Restrict Sites.Selected permission to Read unless Write is explicitly required. ## Anti Patterns - Do not run the install or audit commands before reviewing the local scripts. - Do not share generated reports in public channels or unsecured tickets. - Do not grant broader SharePoint permissions than the audit requires. ## Security Audit - - Safe to publish: true - - Audited at: 2026-06-28T10:10:33.348\+00:00 - - Summary: Static analysis correctly identified local PowerShell and Python command execution guidance, which is central to this SharePoint audit workflow. Several high-severity matches are contextual mentions or Markdown formatting false positives, and no prompt injection or malicious exfiltration intent was found. Publish with a warning because the skill handles secrets, installs modules, and produces sensitive SharePoint audit reports. ## Stats - - Views: 195 - - Downloads: 4 - - Favorites: 0 - - Popularity score: 0