connect-pbid
Warn
Audited by Snyk on Apr 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and installs third-party DAX library packages and raw files from public registries (daxlib.org / GitHub raw URLs via the included daxlib CLI and download commands) and instructs fetching online Microsoft documentation, so the agent will ingest and act on untrusted, user-generated content (daxlib packages) as part of its workflow (see SKILL.md and references/daxlib.md describing download/add/update/remove and raw GitHub URLs).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill runs runtime installers and downloaders (e.g., nuget install Microsoft.AnalysisServices... and the daxlib CLI which fetches packages from daxlib.org and raw GitHub URLs such as https://raw.githubusercontent.com/daxlib/daxlib/main/... and the GitHub API https://api.github.com/...), which retrieve remote DLLs/TMDL/DAX function files that are then loaded or installed and thus execute remote code required for the skill to operate.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs bypassing Windows script execution policy ("-ExecutionPolicy Bypass") and directs creating persistent scripts in agent harness directories, which encourages circumventing security controls and changing host state, so it should be flagged.
Issues (3)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
W013 (MEDIUM): Attempt to modify system services in skill instructions.
Audit Metadata