power-bi-deployment
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
pbi-cli-toolpackage viapipx. This is an external dependency used to provide the primary functionality of the skill. - [COMMAND_EXECUTION]: The skill makes extensive use of the
pbi-clitool to execute shell commands for Power BI operations, such as connecting to databases (pbi connect), exporting/importing model definitions (pbi database export-tmdl), and managing transactions. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external data from TMDL (Tabular Model Definition Language) and TMSL (Tabular Model Scripting Language) files.
- Ingestion points: The agent reads and processes files from TMDL export folders and TMSL JSON files during import and diff operations.
- Boundary markers: The instructions do not define explicit boundary markers or delimiters to separate untrusted file content from system instructions.
- Capability inventory: The skill has the capability to execute commands that modify database schema, create measures, and commit transactions via the
pbicommand-line interface. - Sanitization: There is no evidence of sanitization or validation of the content within the TMDL/TMSL files before they are processed by the agent or the CLI tool.
Audit Metadata