looker-studio-bigquery
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its data-handling design. It is designed to ingest and reason about external configuration files and SQL reporting specs found in the workspace.
- Ingestion points: The skill uses
Read,Glob, andGreptools to intake content from arbitrary workspace files (e.g., repository files tied to dashboard delivery). - Boundary markers: The instructions do not define clear delimiters or "ignore embedded instructions" blocks when the agent is reading file content.
- Capability inventory: The skill possesses
WriteandEditcapabilities, allowing the agent to modify the workspace based on instructions that could be maliciously embedded in the analyzed data files. - Sanitization: No validation or sanitization routines are specified for content retrieved via the file-system tools.
Audit Metadata