mlv-operations-cli
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [Instructional Bypass Pattern]: The skill includes an 'Eval mode' instruction that directs the agent to skip human-in-the-loop confirmations when specific phrases like 'I pre-approve' or 'proceed without confirmation' are present in the prompt. While this is intended for automated testing, it constitutes a deliberate bypass of the skill's primary safety mechanism.
- [Command Execution via Official Tooling]: The skill utilizes the `az rest` command to interact with Fabric APIs. This is a standard method for performing administrative tasks in the Microsoft ecosystem, though it involves executing shell commands to perform REST operations.
- [Trusted API Communication]: All documented network operations target official Microsoft domains, specifically `api.fabric.microsoft.com`. These are well-known and trusted endpoints for the vendor's cloud services.
- [Security Gate Implementation]: By default, the skill enforces mandatory confirmation steps before creating schedules or triggering refreshes. This 'human-in-the-loop' approach is a significant security control designed to prevent unintended modifications to the environment.
- [Permission Awareness]: The skill provides clear guidance on the necessary Workspace Contributor or Admin roles required to perform scheduling tasks, encouraging users to adhere to identity and access management requirements.
Audit Metadata