metabase
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill ingests data from remote Metabase instances (SQL snippets, card summaries, dashboard layouts). This establishes an indirect prompt injection surface. To mitigate this, the skill implements 'Context Safety Rules' that use compact summaries and file-based storage for large JSON payloads, preventing external data from overwhelming the agent's context or manipulating its behavior.
- [COMMAND_EXECUTION]: The included end-to-end testing script (
scripts/test-e2e.mjs) utilizesexecSyncto validate the CLI functionality. This is standard development practice and is not invoked as part of the primary agent workflow. - [SAFE]: The skill handles Metabase API keys securely. It provides an interactive setup wizard that allows users to reference environment variables or store keys in a local configuration file with restricted file permissions (0600), which is consistent with security best practices for credential management.
Audit Metadata