validation-testing
Warn
Audited by Snyk on Apr 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly fetches and interprets public third-party content (e.g., loading BPA rules via a raw GitHub URL with Tabular Editor's -A switch, resolving PBIR $schema URLs in SKILL.md/references which are fetched by the jsonschema examples, and calling the external DaxFormatter API), and those external files/URLs directly determine validation results and CI gating, so untrusted remote content can materially change the agent's actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill contains runtime fetches of external artifacts that directly affect execution or validation logic — notably the Tabular Editor portable binary (https://github.com/TabularEditor/TabularEditor/releases/latest/download/TabularEditor.Portable.zip), the BestPracticeRules JSON fetched at runtime (https://raw.githubusercontent.com/TabularEditor/BestPracticeRules/master/BPARules.json), and the PBI-InspectorV2 release zip (https://github.com/NatVanG/PBI-InspectorV2/releases/latest/download/PBIInspectorCLI-linux-x64.zip) — each is fetched/used during runtime and either executes remote code (binaries) or controls the analyzer's ruleset, so they meet the flagging criteria.
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).