bigquery-ml-model-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process user-provided requests to generate BigQuery ML configurations and execute GCP commands.
- Ingestion points: User requests triggered by phrases like "Set up bigquery ml model creator" or "Help me with...".
- Boundary markers: No delimiters or instructions are present to prevent the agent from obeying malicious instructions embedded within user requests.
- Capability inventory: The skill possesses high-privilege capabilities including Bash(gcloud:*), Write, and Edit (defined in SKILL.md).
- Sanitization: There is no evidence of input validation or sanitization, meaning an attacker could craft a request that causes the agent to execute unintended gcloud commands.
- Command Execution (HIGH): The skill defines Bash(gcloud:*) in its allowed-tools. The use of a wildcard (*) grants the agent permission to run any Google Cloud CLI command. If the agent's logic is subverted via prompt injection, this could lead to resource deletion, data exfiltration, or unauthorized configuration changes within the user's GCP environment.
Recommendations
- AI detected serious security threats
Audit Metadata