The Agent Skills Directory

[PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data into the agent's context through the analysis of Power Automate action outputs. This data, often originating from external systems (e.g., email messages, form submissions), is processed without boundary markers or sanitization. This establishes a surface for indirect prompt injection, where malicious instructions hidden in flow data could trick the agent into misusing its capabilities, such as modifying flow definitions via the update_live_flow tool.
Ingestion points: SKILL.md (via tools like get_live_flow_run_action_outputs).
Boundary markers: Absent; the skill does not require the use of delimiters or 'ignore' instructions for the processed flow data.
Capability inventory: The skill provides high-impact capabilities including update_live_flow, resubmit_live_flow_run, and trigger_live_flow.
Sanitization: Absent; the agent is directed to interpret raw output and error bodies directly.

flowstudio-power-automate-debug