flowstudio-power-automate-monitoring
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Credential Security: The skill requires the
FLOWSTUDIO_MCP_TOKENenvironment variable for authentication, which is a secure practice that avoids hardcoding secrets.- [PROMPT_INJECTION]: Indirect Ingestion Point: The skill retrieves and processes data from external sources, including flow descriptions and maker inputs. While this represents a surface where an attacker with control over the Power Automate environment could attempt to inject instructions, it is an expected part of the monitoring process.- [DATA_EXFILTRATION]: Functional Data Access: The skill allows for the retrieval of flow definitions, connection details, and environment configurations. This behavior is documented and essential for its monitoring and governance capabilities and does not constitute unauthorized data exfiltration.
Audit Metadata