looker-studio-bigquery
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Instructions include gcloud CLI commands for project and service management, as well as SQL queries for data processing. These are appropriate for the primary purpose of the skill.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from BigQuery, creating an attack surface for indirect prompt injection.
  1. Ingestion points: Data is pulled from BigQuery tables such as analytics_dataset.events and looker_studio_data.dashboard_snapshot in SKILL.md.
  2. Boundary markers: Lacks delimiters or instructions to ignore embedded commands within the ingested data.
  3. Capability inventory: The skill involves executing SQL queries and GCP commands, which could be influenced by malicious data.
  4. Sanitization: No sanitization or validation logic is defined for the external data being processed.
- [EXTERNAL_DOWNLOADS]: References to documentation are restricted to well-known Google domains, which are considered safe sources.
Audit Metadata