power-bi-pbip-report

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE

Full Analysis
  • [SAFE]: No malicious code patterns, obfuscation, or persistence mechanisms were detected in the skill's instructions or Python scripts.
  • [EXTERNAL_DOWNLOADS]: The validate_report.py script fetches official JSON schemas from developer.microsoft.com and raw.githubusercontent.com/microsoft/ to perform structural validation of the generated report files. These requests target well-known, trusted domains and are hardened with an internal allowlist.
  • [DATA_EXFILTRATION]: No unauthorized data exfiltration or access to sensitive local file paths (such as SSH keys or cloud credentials) was detected. The scripts operate exclusively on the provided report folder.
  • [PROMPT_INJECTION]: The skill instructions do not contain patterns attempting to override agent behavior, extract system prompts, or bypass safety guidelines.
  • [COMMAND_EXECUTION]: Shell commands documented in the skill are for local execution of the provided utility scripts, which perform deterministic formatting and validation tasks.
  • [INDIRECT_PROMPT_INJECTION]: While the skill generates report JSON based on external design specifications, it provides a robust validation gate (pbir_gate.py) that checks the output against official schemas, effectively mitigating the risk of structural manipulation through untrusted input.

Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 04:21 AM