powerbi-authoring-cli
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- Official API Integration: The skill interacts exclusively with official Microsoft endpoints, including the Fabric Items API and the Power BI Datasets API, ensuring that data operations remain within the managed cloud ecosystem.
- Authentication Best Practices: Access control is managed through the
az loginflow, requiring valid credentials and appropriate workspace permissions (Contributor or higher) for authoring tasks. It correctly utilizes distinct API audiences for different services to maintain security boundaries. - Standard Payload Handling: The use of Base64 encoding is implemented solely to comply with API requirements for transporting TMDL (Tabular Model Definition Language) files, ensuring data integrity during transport without attempting to hide intent.
- Local Resource Management: The skill uses temporary local file storage for staging JSON payloads prior to API submission. This is a common and expected pattern for CLI-based automation tools.
- Least Privilege Awareness: The documentation includes clear guidance on permissions, explicitly noting that operations will fail if the user only has a 'Viewer' role, reinforcing the principle of least privilege.
Audit Metadata