add-cloud-flow

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • Official Service Integration: The skill lists available cloud flows by querying official Microsoft Power Automate API endpoints (api.flow.microsoft.com). These network operations use authenticated requests and are limited to retrieving configuration data.
  • Sanitized Data Processing: Content retrieved from external APIs, such as flow names and descriptions, is properly sanitized before being included in the generated YAML metadata and the HTML review plan. This prevents potential injection issues in the generated project files.
  • Human-in-the-Loop Validation: The workflow includes a critical review step that generates an HTML plan. This allows users to inspect all proposed web role assignments, scenarios, and metadata changes before any files are written to the local project.
  • Secure Code Generation: Generated client-side code follows security best practices, including mandatory CSRF token headers (__RequestVerificationToken) and specialized request headers (X-Requested-With) required by the Power Pages cloud flow endpoint.
  • Least Privilege Role Assignment: The skill's logic encourages the assignment of minimum necessary web roles for each flow, requiring explicit user confirmation if anonymous access is proposed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 11:50 PM