metabase-reference
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill defines an indirect prompt injection attack surface where the agent is instructed to ingest data from untrusted or external sources and use it in conjunction with powerful tools. * Ingestion points: metabase.log files, output from the api_call tool, and Linear issue descriptions. * Boundary markers: None identified; the recipes do not include specific delimiters or instructions to ignore embedded commands in the processed data. * Capability inventory: Includes access to repl_eval (Clojure execution), api_call (Metabase API interaction), and run_test. * Sanitization: No specific validation or escaping mechanisms are documented for handling external data before it is passed to tool arguments.
- [COMMAND_EXECUTION]: The skill documents recipes for using the repl_eval and run_test tools, which allow for the execution of arbitrary code and shell commands. This is part of the intended functionality for debugging and reproducing software defects in a Metabase environment.
- [EXTERNAL_DOWNLOADS]: The skill references a jar_download tool and provides fallback instructions using the gh release list command. These operations target the vendor's own binary assets and official GitHub release endpoints.
Audit Metadata