Powerplatform

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local shell script, tools/package-solution.sh, to package generated flow definitions into deployable ZIP archives.
  • Evidence: SKILL.md specifies the generation process includes calling the packager script.
  • Evidence: tools/package-solution.sh uses standard system utilities such as jq, zip, and uuidgen to assemble the solution structure.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted user descriptions and local manifest files to generate automation logic.
  • Ingestion points: SKILL.md workflow reads ~/Projects/work/scripts/power-platform/manifest.json and parses natural language user requests.
  • Boundary markers: The skill does not explicitly use delimiters or warnings to isolate untrusted data during the flow generation process.
  • Capability inventory: The skill can read local schemas, write to the file system, and execute the local packaging script.
  • Sanitization: The packaging script performs basic string sanitization (e.g., tr for filenames) but does not validate the internal logic of the generated JSON against malicious intent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 12:04 PM
Security Audit — agent-trust-hub — Powerplatform