flowstudio-power-automate-debug
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network requests to mcp.flowstudio.app using the urllib.request library to transmit flow metadata, definitions, and execution outputs.
- [PROMPT_INJECTION]: The skill processes untrusted data from the Power Automate environment without sanitization or boundary markers, creating a surface for indirect prompt injection. Ingestion points include tools like list_live_flows, get_live_flow, and get_live_flow_run_action_outputs. The agent has powerful capabilities such as update_live_flow, trigger_live_flow, and resubmit_live_flow_run which could be targeted by such injections.
Audit Metadata