bigquery
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill provides templates for executing shell commands via the 'bq' utility. This allows the agent to perform data exploration, query execution, and file exports, which represents a significant capability that must be monitored.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). Data from BigQuery tables is ingested into the agent context without sanitization or boundary markers.
  1. Ingestion point: 'bq query' and 'bq head' commands in SKILL.md.
  2. Boundary markers: None present to distinguish data from instructions.
  3. Capability inventory: Ability to run arbitrary SQL and bash commands.
  4. Sanitization: None.
  A malicious actor could insert instructions into a database table that the agent then 'obeys' when processing query results.
Recommendations
- AI detected serious security threats
Audit Metadata