powerbi-report-authoring

Fail

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The PowerShell script 'scripts/bpa.ps1' downloads a ZIP archive from a third-party repository (github.com/NatVanG/PBI-InspectorV2), extracts an executable, and runs it using 'Start-Process'. This pattern allows for the execution of unverified external binaries.
  • [EXTERNAL_DOWNLOADS]: The skill performs runtime downloads of executables and configuration files from non-trusted external sources.
  • [COMMAND_EXECUTION]: The skill invokes a downloaded CLI tool ('PBIRInspectorCLI.exe') via PowerShell with parameters derived from report file paths.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes user-supplied Power BI JSON definitions that may contain malicious instructions. Ingestion points: Reads 'visual.json' and 'page.json' files from the user's report directory. Boundary markers: No delimiters or instructions are used to ignore embedded commands. Capability inventory: The skill can execute local scripts and binaries. Sanitization: No content validation or escaping is performed on the ingested JSON data before it is used in the agent's workflow.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 15, 2026, 09:59 AM