programmatic-development

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill provides Python templates and instructions for reading and manipulating JSON-based report files (PBIR format). If an agent uses these to process files from an untrusted source, it could be susceptible to instructions embedded within the report metadata or visual definitions.
      • Ingestion points: Local filesystem access to .report and .dataset directories, specifically visual.json and page.json files (SKILL.md, references/pbir-schema-reference.md).
      • Boundary markers: Absent. The code snippets do not implement delimiters or specific instructions to ignore embedded commands in the processed data.
      • Capability inventory: File system write operations, command execution for project tooling, and XMLA endpoint connectivity.
      • Sanitization: Absent. Data is loaded and processed directly from JSON sources without structural validation or content sanitization.
  • [SAFE]: Provides instructions for installing official development libraries from Microsoft via dotnet add package Microsoft.AnalysisServices.NetCore.retail.amd64.
  • [SAFE]: Includes documentation for authentication workflows using standard, non-sensitive placeholders for credentials (e.g., your-app-client-id, your-client-secret).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 04:09 AM