metabase-reference

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill defines an indirect prompt injection attack surface where the agent is instructed to ingest data from untrusted or external sources and use it in conjunction with powerful tools. * Ingestion points: metabase.log files, output from the api_call tool, and Linear issue descriptions. * Boundary markers: None identified; the recipes do not include specific delimiters or instructions to ignore embedded commands in the processed data. * Capability inventory: Includes access to repl_eval (Clojure execution), api_call (Metabase API interaction), and run_test. * Sanitization: No specific validation or escaping mechanisms are documented for handling external data before it is passed to tool arguments.
  • [COMMAND_EXECUTION]: The skill documents recipes for using the repl_eval and run_test tools, which allow for the execution of arbitrary code and shell commands. This is part of the intended functionality for debugging and reproducing software defects in a Metabase environment.
  • [EXTERNAL_DOWNLOADS]: The skill references a jar_download tool and provides fallback instructions using the gh release list command. These operations target the vendor's own binary assets and official GitHub release endpoints.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 08:49 AM
Security Audit — agent-trust-hub — metabase-reference