svg-visuals
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the `pbir-cli` utility using Python package managers (`pip` or `uv`) to facilitate Power BI report modifications.
- [COMMAND_EXECUTION]: The instructions involve executing standard system commands, including `jq` for validating JSON syntax and `open` for previewing generated SVG mockups in a web browser.
- [PROMPT_INJECTION]: The skill defines a workflow for transforming semantic model data into SVG visualizations, which presents a surface for indirect prompt injection.
  - Ingestion points: Data from the Power BI semantic model is ingested into the agent context via DAX queries during the design and preview steps described in `SKILL.md`.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are prescribed for the data retrieved from the model before it is used in SVG generation.
  - Capability inventory: The skill context includes file system modification capabilities via the `pbir-cli` tool and JSON processing via `jq`.
  - Sanitization: There are no explicit instructions for sanitizing or escaping the retrieved data strings before they are interpolated into the SVG DAX expressions.
Audit Metadata