Skills
skills/julianobarbosa/claude-code-skills/power-bi-partitions/Gen Agent Trust Hub

power-bi-partitions

Warn

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of pbi-cli-tool via pipx. This dependency originates from an unverified source, which can pose a supply chain risk if the package is compromised.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands using the pbi CLI tool. These commands include creating, deleting, and refreshing partitions, which involve significant modifications to Power BI data models.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
  • Ingestion points: Data is ingested from external Power BI models using pbi --json partition list and pbi --json expression list in SKILL.md.
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands in the ingested model data.
  • Capability inventory: The skill has the capability to execute pbi-cli commands that create, delete, or refresh partitions and expressions.
  • Sanitization: There is no evidence of sanitization or validation of the content retrieved from the Power BI model before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 04:17 PM
Security Audit — agent-trust-hub — power-bi-partitions