Skills
skills/jwmossmoz/agent-skills/redash/Gen Agent Trust Hub

redash

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface (Category 8) by design, as it accepts and executes SQL queries that may incorporate untrusted user data.
  • Ingestion points: The --sql command-line argument and template placeholders (e.g., {user_email}, {start_date}) defined in references/common-queries.md.
  • Boundary markers: Absent; there are no delimiters or instructions to prevent the agent from obeying instructions embedded in the data.
  • Capability inventory: The script scripts/query_redash.py performs network POST and GET requests to https://sql.telemetry.mozilla.org and writes query results to the local filesystem via the --output parameter.
  • Sanitization: Absent; the SQL string is passed directly to the Redash API without validation or escaping.
  • COMMAND_EXECUTION (LOW): The skill facilitates the execution of SQL commands against a remote BigQuery instance via the Redash API. While the scope is restricted by the API's permissions, it allows for arbitrary data retrieval tasks.
  • DATA_EXFILTRATION (LOW): The skill performs network operations to a non-whitelisted domain (sql.telemetry.mozilla.org). While these are necessary for the skill's primary function, the ability to write result sets to arbitrary local paths using the --output flag presents a minor risk of data leakage or file overwriting if misdirected.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 11:29 PM