metabase-static-embedding-to-guest-embedding-upgrade

Fail

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches documentation files from the vendor's official website (metabase.com). These files are used as the authoritative source for mapping iframe attributes to web components during the migration process.
  • [COMMAND_EXECUTION]: Uses the Bash tool to execute curl commands for downloading external documentation. While the target domain is a well-known vendor site, the skill relies on executing these commands to retrieve operational data.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by downloading external text content and using it to influence the behavior of high-privilege tools like Edit and Write.
  • Ingestion points: Documentation is fetched via curl from https://www.metabase.com/docs/v0.{VERSION}/llms-embedding-full.txt and read into the agent's context.
  • Boundary markers: There are no explicit instructions or delimiters used to prevent the agent from following malicious instructions that might be embedded in the fetched documentation.
  • Capability inventory: The skill has broad capabilities including Bash for command execution, Write and Edit for filesystem modifications, and TaskUpdate for managing the migration workflow across the project.
  • Sanitization: The skill does not perform any sanitization or validation of the fetched documentation before using its contents to generate code changes or migration plans.
Recommendations
  • HIGH: Downloads and executes remote code from: https://www.metabase.com/docs/v0.{VERSION}/llms-embedding-full.txt - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 20, 2026, 04:41 AM