bigquery-ai-ml

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection Surface: The documentation describes functions that process unstructured data from BigQuery tables using natural language models. This creates a potential surface where instructions embedded in the data could influence the model's output.
  • Ingestion Points: Data is ingested from various table columns (such as article_content, invoice_text, and email_address) and passed as inputs to AI.* functions in files like references/bigquery_ai_generate.md and references/bigquery_ai_generate_bool.md.
  • Boundary Markers: Several examples utilize direct string concatenation, such as 'Summarize this article: ' || article_content, without providing clear delimiters or instructions for the model to ignore potential command-like patterns within the data content.
  • Capability Inventory: The skill utilizes execute_sql() to perform these operations. While the scope is limited to SQL execution within BigQuery, the generated results can influence subsequent steps in an agent's task execution.
  • Sanitization: The reference materials do not specify automated sanitization or filtering logic for the input data before it is processed by the underlying language models.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 09:23 AM