powerbi-mcp-server-tester
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires sensitive PowerBI environment variables, including POWERBI_CLIENT_SECRET, and instructs users to store them in a .env file.
- [COMMAND_EXECUTION]: Executes shell commands via npx and uv to start background processes for the MCP Inspector and PowerBI server.
- [EXTERNAL_DOWNLOADS]: Dynamically downloads the @modelcontextprotocol/inspector package from the npm registry using npx.
- [PROMPT_INJECTION]: Identified an indirect prompt injection surface where the agent extracts a URL from shell output and navigates to it using Playwright. Ingestion points: Command output in Step 2 and web page content in Step 3. Boundary markers: No delimiters are used to isolate untrusted data. Capability inventory: Shell command execution, file system access for reports, and browser automation via Playwright. Sanitization: No validation or sanitization is performed on the extracted URL or the data processed during the browser session.
Audit Metadata