power-platform-mcp-connector-suite
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill mentions and utilizes
paconn(Microsoft Power Platform Connectors CLI) andpac CLI(Microsoft Power Platform CLI) for validating and creating connector packages. These are official tools from a trusted vendor. - [COMMAND_EXECUTION]: The instructions include specific command-line operations such as
paconn validate --api-def ...andpac connector create/updatewhich are standard procedures for deploying Power Platform assets. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it takes user-defined values (like
Tools NeededandServer Purpose) and uses them to construct code files (apiDefinition.swagger.jsonandscript.csx). - Ingestion points: Context variables in
SKILL.md(e.g.,Connector Name,Server Purpose,Tools Needed,Resources). - Boundary markers: The skill does not define specific delimiters or instructions to ignore instructions embedded within the user-provided data.
- Capability inventory: The agent generates executable script files and configuration schemas based on input strings.
- Sanitization: There are no instructions provided to the agent to escape or sanitize input strings before they are written into the generated artifacts.
Audit Metadata