metabase-database-metadata
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads and executes the @metabase/database-metadata package from the npm registry using npx.
- [COMMAND_EXECUTION]: Uses shell commands including curl, mkdir, rm, and npx to manage metadata files on the local file system. These operations are gated by instructions requiring explicit user requests before execution.
- [CREDENTIALS_UNSAFE]: References the use of a METABASE_API_KEY for authentication. The skill instructs the agent to retrieve this from environment variables or prompt the user directly, adhering to secure secret management practices.
- [PROMPT_INJECTION]: The skill ingests YAML metadata derived from an external Metabase instance, creating an indirect prompt injection surface if descriptions or names in the database schema contain malicious instructions.
  - Ingestion points: YAML files stored in the .metadata/databases/ directory.
  - Boundary markers: None identified.
  - Capability inventory: The skill has access to Read, Edit, Glob, Grep, and Bash tools.
  - Sanitization: No explicit sanitization or validation of the YAML content is performed before processing.
Audit Metadata