speckle-impl-powerbi
Warn
Audited by Snyk on May 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's core workflow calls Speckle.GetByUrl and Speckle.Projects.Issues to load data from https://app.speckle.systems (model URLs, project issues and reply threads), which are untrusted/user-generated third‑party contents that the connector ingests and that the Power Query logic and visuals use to drive queries, mappings, and report behavior—thus allowing indirect injection via that external content.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt instructs modifying system-level configuration (editing HKLM registry keys to register certificate thumbprints and copying connector files into service-profile/system folders) and installing gateway components that require administrator privileges, which would change the machine state and require elevated access.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata