tinybird
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (CRITICAL): The file 'rules/sql.md' was flagged by the URLite scanner for containing a blacklisted malicious URL (Reference ID: URE40E38848FEE8F9C-0200). This indicates a high risk of the agent interacting with known malicious domains or downloading harmful content.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). Ingestion points: The skill processes untrusted Tinybird project files such as .datasource, .pipe, and .connection. Boundary markers: Absent; there are no instructions or delimiters to help the agent distinguish between its system rules and potentially malicious instructions embedded in the project files. Capability inventory: The skill facilitates the creation and modification of data files and SQL queries. Sanitization: Absent; no input validation or sanitization mechanisms are described for the external data files processed.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata