looker-studio-bigquery

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its data-handling design. It is designed to ingest and reason about external configuration files and SQL reporting specs found in the workspace.
  • Ingestion points: The skill uses Read, Glob, and Grep tools to intake content from arbitrary workspace files (e.g., repository files tied to dashboard delivery).
  • Boundary markers: The instructions do not define clear delimiters or "ignore embedded instructions" blocks when the agent is reading file content.
  • Capability inventory: The skill possesses Write and Edit capabilities, allowing the agent to modify the workspace based on instructions that could be maliciously embedded in the analyzed data files.
  • Sanitization: No validation or sanitization routines are specified for content retrieved via the file-system tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:06 AM
Security Audit — agent-trust-hub — looker-studio-bigquery