bigquery-ai-ml

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a technical reference for official Google Cloud BigQuery features. Analysis of the instructions and reference files revealed no malicious logic, unauthorized network requests, persistence mechanisms, or credential harvesting patterns.
  • [PROMPT_INJECTION]: The skill documents the use of LLM-integrated functions (e.g., AI.GENERATE, AI.CLASSIFY) that process content from database tables, which is a potential surface for indirect prompt injection.
  • Ingestion points: SQL examples in files such as references/bigquery_ai_generate.md and references/bigquery_ai_classify.md ingest data from database columns (e.g., article_content).
  • Boundary markers: Examples typically use string concatenation (e.g., 'Summarize: ' || data) to build prompts, which offers limited separation between instructions and untrusted data.
  • Capability inventory: The skill is intended to be used with the execute_sql() tool to perform analysis and content generation.
  • Sanitization: No specific prompt sanitization or delimiter-based protection is suggested in the provided templates, though the functions themselves include safety rating metadata in their full responses.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 05:23 AM
Security Audit — agent-trust-hub — bigquery-ai-ml