promovaweb-devops-review-metabase-stack

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill reads and processes content from external files (metabase.yaml and postgres.yaml), which creates a surface for indirect prompt injection.
      • Ingestion points: Reads project-specific YAML configuration files.
      • Boundary markers: None identified; the skill does not use delimiters to wrap or identify external content.
      • Capability inventory: Limited to file reading and generating a markdown report (metabase.audit.md). It lacks network access, privilege escalation, or arbitrary code execution tools.
      • Sanitization: None identified; the skill assumes valid configuration data and does not sanitize input for malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 04:37 PM