powerbi-modeling
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE [PROMPT_INJECTION]
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes metadata (such as table names, descriptions, and DAX expressions) from external Power BI models. A maliciously crafted model could contain instructions intended to subvert the agent's logic.
  - Ingestion points: Metadata enters the context through connection_operations, table_operations, and measure_operations as specified in SKILL.md.
  - Boundary markers: The instructions lack explicit delimiters or safety guardrails to differentiate between data and instructions within the ingested metadata.
  - Capability inventory: The agent has the ability to modify model schemas, create measures, and configure security roles via various MCP tool categories documented in SKILL.md.
  - Sanitization: There is no evidence of sanitization or filtering of the metadata before it is processed by the agent.