semantic-mapper

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill translates untrusted input from data-model.json or genie-metric-view.yaml into Power BI semantic models. It explicitly instructs that mCodeAdapter.templates be copied verbatim into M-Code partitions, which could allow malicious input to inject unintended code into the Power BI model.
      • Ingestion points: data-model.json and genie-metric-view.yaml files (SKILL.md).
      • Boundary markers: None present.
      • Capability inventory: Generates TMDL files, M-Code partitions, and DAX expressions. Relies on scripts like scaffold_pbip.py to write these artifacts (SKILL.md, scripts/README.md).
      • Sanitization: Absent; the skill is designed to copy template content directly.
  • [COMMAND_EXECUTION]: The skill depends on the execution of external helper scripts (generate_tmdl_scripts.py, scaffold_pbip.py) located at ../../query-to-pbip/scripts/ (scripts/README.md).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 15, 2026, 08:15 PM