Skip to content

Security: bukowski777/power-automate-authoring-skill

Security

SECURITY.md

Security

Do not commit:

  • secrets, access tokens, refresh tokens, connection strings, private keys, or tenant credentials;
  • private environment URLs, tenant IDs, client names, exported run payloads, screenshots, logs, or production data;
  • deployment settings files containing tenant URLs, connection IDs, environment variable values, support recipients, or production configuration;
  • raw TRY/CATCH payloads, run histories, trigger bodies, action outputs, or screenshots containing connector data;
  • solution ZIPs, unpacked solution exports, temporary debug folders, or flow run artifacts.

Use placeholders such as <environment-url>, <solution-name>, <flow-name>, <connection-reference>, and <sharepoint-site-url>.

Before publishing, run:

bash scripts/validate-skill.sh
git diff --check

There aren't any published security advisories