flowstudio-power-automate-mcp

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [DATA_EXFILTRATION]: The skill facilitates network communication with an external endpoint (https://mcp.flowstudio.app/mcp) to manage Power Automate resources. While this is the primary purpose of the skill, it involves transmitting a user-provided JWT token to a non-whitelisted third-party domain.
  • [PROMPT_INJECTION]: The skill ingests and parses JSON data from a remote API, creating a surface for indirect prompt injection where malicious instructions could be embedded in flow definitions or run outputs.
    • Ingestion points: The Python and Node.js helper functions in SKILL.md parse response text from the FlowStudio server using json.loads and JSON.parse.
    • Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions to isolate untrusted API content from the agent's core instructions.
    • Capability inventory: The skill provides the ability to read flow metadata, retrieve full flow definitions, and modify flows via the update_live_flow tool, allowing for significant state changes in the target environment.
    • Sanitization: There is no evidence of validation or sanitization of the remote JSON content before it is passed to the agent for reasoning and processing.

Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 03:16 AM