What happened
Kiota, Microsoft's OpenAPI-based code/plugin generator, failed to sanitize custom AI-extension fields from OpenAPI specifications before embedding them into generated Microsoft 365 Copilot and Teams plugin manifest files.
Why it matters
A poisoned OpenAPI spec ingested via Kiota could inject malicious content directly into AI plugin manifests distributed to Microsoft 365 Copilot users, representing a supply-chain path from third-party API definitions into the enterprise Copilot plugin ecosystem.
Attack vector
The `kiota plugin add`/`kiota plugin generate` commands (with `-t APIPlugin`) emitted attacker-controlled static_template.file values from x-ai-adaptive-card and x-ai-capabilities OpenAPI extensions directly into generated Microsoft 365 Copilot and Teams plugin manifests without sanitization, allowing a malicious OpenAPI spec to inject content into the generated AI plugin package.
Affected systems
Microsoft Kiota prior to 1.32.5
Mitigation
Upgrade to Kiota 1.32.5 or later.