dv-query
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection Surface]: The skill is designed to retrieve and process records from Microsoft Dataverse, which acts as an external data source. This is a primary function of the skill, and users should be aware that the data retrieved enters the agent's context.
- Ingestion points: External data enters the agent context through
client.records.get,client.dataframe.get, and raw Web API calls (viaurllib.request) defined in theSKILL.mdfile. - Boundary markers: The instructions do not define specific delimiters or instructions to treat retrieved record data as untrusted content.
- Capability inventory: The skill provides capabilities for Python execution, file system operations (writing CSV files), and network communication with Dataverse endpoints.
- Sanitization: There are no documented sanitization or validation steps for the content retrieved from Dataverse before it is processed or presented to the user.
- [Credential Management Pattern]: The skill utilizes environment variables and local module imports (
scripts/auth.py) for authentication and configuration. This follows common patterns for managing service URLs and access credentials securely outside of the main instruction logic. - [Network Connectivity]: The skill performs network operations to Dataverse API endpoints to retrieve data and execute server-side aggregations. These operations are directed toward Microsoft's official infrastructure as part of the skill's intended data access workflow.
Audit Metadata