bpa-rules
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to Indirect Prompt Injection risks (Category 8) because its core functionality relies on the investigation of external, potentially untrusted Power BI semantic models. These models can contain custom 'BestPracticeAnalyzer' annotations or object descriptions which could be leveraged by an attacker to deliver hidden instructions to the agent when it summarizes model findings.
- Ingestion points: TMDL files, .bim files, and remote model metadata retrieved via the Fabric CLI.
- Boundary markers: The instructions do not specify the use of secure delimiters or negative constraints to prevent the agent from obeying instructions embedded within the ingested model content.
- Capability inventory: The agent can read files, execute CLI tools (fab), and run local validation scripts.
- Sanitization: There is no mention of sanitizing or filtering external metadata before processing it in the agent context.
- [SAFE]: The skill references external rule sets and documentation from established and trusted sources, such as the official Tabular Editor and Microsoft repositories. These are standard resources in the Power BI ecosystem and do not involve unverifiable remote code execution.
- [SAFE]: The included validation script
scripts/validate_rules.pyis a legitimate utility for checking JSON schema compliance. It performs standard file system operations (reading JSON, converting line endings, and correcting structure) without any evidence of malicious behavior, exfiltration, or obfuscation.
Audit Metadata