power-bi-report
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill leverages the `pbi-cli` tool to execute various project-related commands, including scaffolding (`pbi report create`), metadata summary (`pbi report info`), and desktop integration (`pbi report reload`).
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install optional features using `pip install pbi-cli-tool[preview]` and `pip install pbi-cli-tool[reload]`. These packages are legitimate components of the tool provided by the vendor.
- [PROMPT_INJECTION]: The skill processes data from Power BI JSON configuration files, creating a surface for indirect prompt injection.
  - Ingestion points: Data is ingested from various files including `report.json`, `pages.json`, and `visual.json` within the project directory.
  - Boundary markers: The skill does not implement specific boundary markers to isolate file content from the agent's instruction context.
  - Capability inventory: The tool can execute shell commands, host a local web server for report previews, and automate keyboard shortcuts for desktop synchronization.
  - Sanitization: While the tool performs JSON schema validation, it does not explicitly sanitize the content for potential instruction-based attacks.
Audit Metadata