Skills
skills/thanhtoan105/accounting_erp_chatbot/bigquery/Gen Agent Trust Hub

bigquery

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • PROMPT_INJECTION (LOW): The skill documentation allows for the interpolation of untrusted user input into shell commands, creating a surface for indirect prompt injection or SQL injection.
  • Ingestion points: The YOUR_QUERY, PROJECT_ID, and DATASET_NAME placeholders in bq command templates.
  • Boundary markers: No delimiters or explicit instructions to treat interpolated content as untrusted are provided.
  • Capability inventory: Shell execution of the bq CLI tool which can query data, create tables, and write output to the local filesystem.
  • Sanitization: No input validation or escaping logic is defined in the instructions.
  • NO_CODE (SAFE): The skill folder contains no executable scripts, source code, or binary files, consisting solely of a Markdown instruction file.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 10:42 AM