Skills
skills/metabase/agent-skills/metabase-full-app-to-modular-embedding-upgrade/Gen Agent Trust Hub

metabase-full-app-to-modular-embedding-upgrade

Fail

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads technical documentation from the official Metabase domain (metabase.com). This is a legitimate vendor resource used to provide the agent with accurate migration instructions for specific software versions.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run curl for downloading documentation and utilizes Grep for local project analysis. These tools are used within the scope of identifying code patterns that require migration.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests remote documentation that could theoretically contain malicious instructions targeting the agent.
  • Ingestion points: Documentation is fetched via curl and loaded into the agent's context using the Read tool in Step 0 and Step 1a.
  • Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the downloaded text files.
  • Capability inventory: The agent is granted powerful tools including Bash, Write, Edit, and TaskCreate, which could be abused if the ingested content is malicious.
  • Sanitization: There is no evidence of validation or filtering of the downloaded documentation before it is processed by the model.
Recommendations
  • HIGH: Downloads and executes remote code from: https://www.metabase.com/docs/v0.{VERSION}/llms-embedding-full.txt - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 20, 2026, 04:41 AM