ggsql
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the ggsql CLI through a restricted bash environment (Bash(ggsql:*)). It defines specific subcommands such as exec, run, and validate for processing queries. The use of a scoped tool configuration is a security best practice that limits the agent's ability to execute arbitrary shell commands.
- [EXTERNAL_DOWNLOADS]: Includes a reference to documentation at https://ggsql.org/syntax/index.llms.md. This is a passive documentation link and does not involve automated package downloads or script execution during skill operation.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it translates user descriptions into CLI queries. However, this is inherent to the tool's function and the risk is mitigated by the constrained ggsql syntax.
- Ingestion points: User descriptions of desired visualizations (SKILL.md).
- Boundary markers: None explicitly defined for user input within the query generation instructions.
- Capability inventory: The ggsql CLI (via SKILL.md) can read files (FROM) and write outputs (--output).
- Sanitization: The skill relies on the agent's adherence to the documented ggsql syntax and doesn't specify additional sanitization steps for user-provided strings.
Audit Metadata