metabase-cli
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is a stub that fetches its primary logic and instruction set at runtime using the
mb skills getcommand. This process relies on the@metabase/clipackage, which is the official tool provided by the vendor. - [COMMAND_EXECUTION]: The skill directs the agent to interact with the environment via the
mbCLI. This includes administrative tasks, database inspection, and content management on a Metabase instance. The commandmb skills get coreis used to bootstrap the agent's context with detailed operational instructions. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection, as it processes content (such as database metadata, card descriptions, and dashboard titles) from external Metabase instances. If an attacker controls content within the Metabase instance, they could attempt to influence the agent's behavior. This is an inherent risk of tools that process user-generated content.
- [SAFE]: The dynamic execution patterns and instruction loading originate from the vendor's official CLI tool. The skill includes security-conscious design notes, such as utilizing the CLI's internal "credential redaction" and validation features rather than raw API calls, which helps prevent accidental exposure of sensitive data.
Audit Metadata