analysis-report
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [Data Exposure] (MEDIUM): The workflow explicitly instructs the agent to read `db/schema.rb` in Rails projects. While this is intended for context gathering, it exposes the entire internal database structure, which is sensitive architectural information.
- [Indirect Prompt Injection] (MEDIUM): The skill processes external content such as 'API docs or sample data for external services' to inform the 'Build Query' step.
  - Ingestion points: Step 2 (Discover Data) reads external API documentation.
  - Boundary markers: None identified in the provided instructions.
  - Capability inventory: Uses the `/bq-query` skill to execute BigQuery commands based on the gathered context.
  - Sanitization: No sanitization or validation of the external content is mentioned. A malicious API document could contain instructions designed to influence the generated SQL queries.
- [Tool Chain Risk] (LOW): The skill relies on external tools (`/bq-query`, `/lint-doc`). Its safety is partially dependent on the permission model and safety constraints of those downstream components.
Audit Metadata