Skills
skills/snowflake-labs/coco-skills/quickstart-guide/Gen Agent Trust Hub

quickstart-guide

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill fetches markdown documentation and associated code from Snowflake's official GitHub repositories and executes SQL, Python, and Bash code blocks extracted from that content.
  • [COMMAND_EXECUTION]: The skill uses the Bash and snowflake_sql_execute tools to run commands derived from external Quickstart guides. It also performs git clone operations to retrieve companion repository contents for local execution.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves content from GitHub APIs and raw content domains (api.github.com, raw.githubusercontent.com) to access documentation and source code.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of external markdown content.
  • Ingestion points: External content is fetched in SKILL.md (Step 2) from GitHub or user-provided URLs matching Snowflake's domains.
  • Boundary markers: The skill does not employ explicit boundary markers or instructions to isolate or ignore embedded instructions within the fetched documentation.
  • Capability inventory: The skill utilizes snowflake_sql_execute, Bash, Write, and Read tools, providing a broad capability surface if malicious instructions were successfully injected.
  • Sanitization: No validation or sanitization of the fetched markdown content is performed before processing and execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 06:35 PM
Security Audit — agent-trust-hub — quickstart-guide