Skills
skills/metabase/agent-skills/metabase-full-app-to-modular-embedding-upgrade/Gen Agent Trust Hub

metabase-full-app-to-modular-embedding-upgrade

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches version-specific documentation (llms-embedding-full.txt) from Metabase's official website to provide the agent with the authoritative source for web component attributes and configuration for the target version.
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by processing external documentation content to guide its migration logic.
  • Ingestion points: External documentation file (llms-embedding-full.txt) fetched via WebFetch from metabase.com in Step 1a.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the processing logic.
  • Capability inventory: The skill has Write, Edit, and Bash tools used to modify the project codebase.
  • Sanitization: No validation or sanitization is performed on the content of the downloaded documentation before it is processed.
  • [COMMAND_EXECUTION]: The skill utilizes Grep and Bash tools to perform a detailed scan of the project's source code, environment variables, and template files to identify existing Metabase iframes and authentication configurations.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 11:41 PM