power-query
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Python scripts `execute_m.py` and `preview_partition.py` use `subprocess.run` to call the Azure CLI (`az`) for authentication tokens and the `fab` CLI for retrieving model definitions. This behavior is standard for tools designed to automate Fabric operations.
- [EXTERNAL_DOWNLOADS]: Documentation and scripts reference the use of the `pyarrow` library, a well-known and trusted package for processing Arrow-formatted data returned by the Fabric API.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of Power Query M code via the official Microsoft Fabric `executeQuery` endpoint. This is the core functionality intended for testing and validating data transformations.
- [DYNAMIC_EXECUTION]: The `preview_partition.py` script employs `__import__` and `sys.path` modifications to load its companion module `execute_m.py` at runtime. While this is a form of dynamic loading, it is used here to reference local project files rather than untrusted external code.
- [PROMPT_INJECTION]: The skill ingests semantic model definitions (TMDL) from external Fabric workspaces. This represents an indirect prompt injection surface where a compromised model definition could potentially contain malicious M code or instructions.
  - Ingestion points: `preview_partition.py` retrieves TMDL content via the `fab get` command.
  - Boundary markers: Absent; the script parses the raw TMDL payload directly.
  - Capability inventory: Includes network requests to Fabric APIs (`execute_m.py`) and local command execution via `subprocess`.
  - Sanitization: No sanitization or validation is performed on the M expressions extracted from the TMDL files before execution.
Audit Metadata