flowstudio-power-automate-monitoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly reads and parses user-generated flow data and free-text fields from the FlowStudio MCP cached store (e.g., get_store_flow, get_store_flow_errors, get_store_flow_runs — including flow descriptions, runError JSON, and remediation hints), and those untrusted texts are used to inform diagnostics and follow-up actions (e.g., remediation, switching to live tools), creating a clear path for indirect prompt injection from third‑party/user content.