Powerplatform
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script,
tools/package-solution.sh, to package generated flow definitions into deployable ZIP archives. - Evidence:
SKILL.mdspecifies the generation process includes calling the packager script. - Evidence:
tools/package-solution.shuses standard system utilities such asjq,zip, anduuidgento assemble the solution structure. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted user descriptions and local manifest files to generate automation logic.
- Ingestion points:
SKILL.mdworkflow reads~/Projects/work/scripts/power-platform/manifest.jsonand parses natural language user requests. - Boundary markers: The skill does not explicitly use delimiters or warnings to isolate untrusted data during the flow generation process.
- Capability inventory: The skill can read local schemas, write to the file system, and execute the local packaging script.
- Sanitization: The packaging script performs basic string sanitization (e.g.,
trfor filenames) but does not validate the internal logic of the generated JSON against malicious intent.
Audit Metadata