power-query-expert
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security vulnerabilities were identified in the provided documentation or code snippets.
- [DATA_EXPOSURE] (SAFE): The skill discusses authentication methods (Basic Auth and API Keys) but explicitly instructs users to enter credentials via the built-in Power BI/Excel authentication prompts rather than hardcoding them in the M code. This aligns with security best practices.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill demonstrates how to process data from external Frappe API endpoints. While this introduces an ingestion surface for untrusted data, it is the primary function of the skill and includes standard sanitization.
- Ingestion points: Data is fetched via Web.Contents in SKILL.md and references/long-polling-api-reference.md.
- Boundary markers: None.
- Capability inventory: Limited to HTTP GET requests for data retrieval.
- Sanitization: Employs Uri.EscapeDataString for query parameters.
Audit Metadata