building-data-apps
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references standard, industry-recognized libraries and frameworks such as FastAPI, Express, Streamlit, and Google Cloud client libraries. These are official dependencies from trusted sources and are used for their intended development purposes.
- [COMMAND_EXECUTION]: The skill suggests the use of browser automation tools like Puppeteer, Playwright, or browser_subagent for visual verification of the generated frontend. This is a common and recommended development practice for ensuring UI quality and does not represent an unauthorized command execution risk.
- [DATA_EXFILTRATION]: Data operations are designed to interact with Google Cloud BigQuery via official SDKs. The code examples correctly use environment variables and placeholders for project and table identifiers, ensuring that sensitive configuration is managed securely and not hardcoded.
- [PROMPT_INJECTION]: The 'chat with your data' feature introduces a surface area for indirect prompt injection (Category 8), as the model processes both user input and database content. However, the skill implements architectural safeguards, such as structured system instructions and server-sent events for response streaming, to maintain control over the model's behavior. This is an expected component of the requested functionality and is handled according to best practices.