flowstudio-power-automate-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill's code examples and instructions show a hardcoded TOKEN = "<YOUR_JWT_TOKEN>" and direct use of that token in request headers (x-api-key), which encourages substituting a real JWT into generated code/requests and thus would require the LLM to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls the FlowStudio MCP endpoint (e.g., tools like describe_live_connector, get_live_flow, get_live_flow_run_action_outputs) and instructs the agent to parse and act on returned connector Swagger specs, flow definitions, and action outputs—which frequently contain arbitrary user-generated or external HTTP content from third‑party connectors—so untrusted third‑party content is fetched and interpreted as part of the workflow.