project-packager
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the agent to use local Python scripts (
scaffold_pbip.py,package_pbip.py) to manage the PBIP directory structure and create zip archives. These commands are necessary for the skill's stated purpose. - [NO_CODE]: The core logic for scaffolding and packaging is located in external scripts and is not provided within the skill's file set.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests and processes TMDL and JSON files from external sources.
- Ingestion points: Power BI TMDL (database, model, relationships, tables) and visual definition JSON files.
- Boundary markers: None explicitly defined in the workflow instructions.
- Capability inventory: Execution of Python scripts via the shell.
- Sanitization: Validation is performed by the external
package_pbip.pyscript as described in the documentation. - [SAFE]: The skill uses official Microsoft Power BI JSON schemas and standard project structures, representing benign and expected development behavior.
Audit Metadata