powerbi-modeling
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection via the ingestion of untrusted metadata from Power BI models. Evidence Chain:
  1. Ingestion points: Workflow step 1 in SKILL.md uses connection_operations and table_operations to read model state.
  2. Boundary markers: Absent; model data is processed without delimiters to separate it from instructions.
  3. Capability inventory: Includes high-privilege operations such as dax_query_operations (Execute), security_role_operations (Update), and measure_operations (Update).
  4. Sanitization: No sanitization or escaping of model-provided strings is documented before they are added to the agent's context.
Audit Metadata