analytics-insights

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from multiple external sources.
  • Ingestion points: google_analytics_run_ga4_report, gtm_tag(operation="list"), and bigquery_execute_query results (SKILL.md, references/gtm-audit.md, references/bigquery-ga4-export.md).
  • Boundary markers: The instructions do not provide explicit delimiters or warnings for the agent to ignore instructions embedded within the retrieved analytics data or SQL results.
  • Capability inventory: The agent has high-privilege capabilities including modifying GTM tags (injecting JS into websites), executing arbitrary SQL in BigQuery, and deleting GA4 properties (SKILL.md).
  • Sanitization: There is no mention of sanitizing or escaping the data retrieved from external APIs before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary SQL queries via the bigquery_execute_query tool. This allows the agent to read, write, or potentially delete data within the user's BigQuery project based on its permissions (references/bigquery-ga4-export.md). It also allows modifying production website logic by creating or updating tags via gtm_tag (references/gtm-audit.md).
  • [DATA_EXFILTRATION]: The skill has broad access to sensitive business data, including search performance (GSC), user behavior (GA4), and internal datasets (BigQuery). While the skill's purpose is to report on this data, the combination of read access to sensitive records and the ability to output that data to the chat window creates a risk of sensitive data exposure (SKILL.md).
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 04:20 AM