bigquery-analytics

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill scripts download the @toolbox-sdk/server@1.1.0 package from the NPM registry at runtime using the npx command to provide core analytical functionality.
  • [COMMAND_EXECUTION]: The skill invokes its analytical tools as subprocesses using child_process.spawn. It includes robust logic for handling shell execution on Windows and Unix systems, including appropriate argument escaping.
  • [PROMPT_INJECTION]: The skill exposes surfaces for indirect prompt injection as part of its intended functionality for processing complex data queries.
      • Ingestion points: Parameters such as input_data, user_query_with_context, and history_data in SKILL.md accept SQL queries and natural language prompts that represent untrusted data sources.
      • Boundary markers: The instructions do not define explicit boundary markers to separate untrusted data from system instructions.
      • Capability inventory: The skill possesses capabilities for data retrieval and analysis through the integrated toolbox and BigQuery connectors.
      • Sanitization: While the scripts perform shell-level escaping of arguments, the skill does not implement specific sanitization or filtering for the content of processed SQL queries or prompts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 05:23 AM