metabase-cli

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is a stub that fetches its primary logic and instruction set at runtime using the mb skills get command. This process relies on the @metabase/cli package, which is the official tool provided by the vendor.
  • [COMMAND_EXECUTION]: The skill directs the agent to interact with the environment via the mb CLI. This includes administrative tasks, database inspection, and content management on a Metabase instance. The command mb skills get core is used to bootstrap the agent's context with detailed operational instructions.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection, as it processes content (such as database metadata, card descriptions, and dashboard titles) from external Metabase instances. If an attacker controls content within the Metabase instance, they could attempt to influence the agent's behavior. This is an inherent risk of tools that process user-generated content.
  • [SAFE]: The dynamic execution patterns and instruction loading originate from the vendor's official CLI tool. The skill includes security-conscious design notes, such as utilizing the CLI's internal "credential redaction" and validation features rather than raw API calls, which helps prevent accidental exposure of sensitive data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 08:46 AM
Security Audit — agent-trust-hub — metabase-cli