metabase-modular-embedding-version-upgrade
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches SDK packages, changelogs, and documentation from official Metabase repositories on GitHub and NPM. These are well-known and trusted vendor sources.\n- [COMMAND_EXECUTION]: Uses shell scripts (probe-versions.sh, fetch-docs.sh) and CLI tools (npm, tar, curl, bash). There is a potential risk of shell injection in probe-versions.sh because user-supplied version strings are passed into shell commands without explicit sanitization.\n- [REMOTE_CODE_EXECUTION]: An automated scanner flagged a remote code execution pattern regarding a changelog download. Analysis confirms the file is downloaded to /tmp and read for content analysis, but not directly executed as a script; however, it represents a data ingestion point for the agent.\n- [PROMPT_INJECTION]: The skill processes external documentation to guide the migration, creating an indirect prompt injection surface. 1. Ingestion points: Documentation and changelogs from GitHub. 2. Boundary markers: Absent. 3. Capability inventory: Bash, Write, and Edit tools used for the migration. 4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/metabase/metabase/master/enterprise/frontend/src/embedding-sdk-package/CHANGELOG.md - DO NOT USE without thorough review
Audit Metadata