onequery-cli
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@onequery/clipackage from npm, which is the expected tool for interacting with the OneQuery service. - [COMMAND_EXECUTION]: The agent uses the
onequeryCLI to perform authentication, organization lookup, and read-only SQL queries. - [SAFE]: The skill incorporates safeguards against Indirect Prompt Injection (Category 8) by instructing the agent to treat CLI output as data rather than instructions.
- Ingestion points: CLI output from
onequery query execand metadata commands. - Boundary markers: Specific guardrail in
SKILL.mdto ignore instructions in output. - Capability inventory: Shell access to the
onequerybinary. - Sanitization: Agent-led separation of data and control logic per instructions.
- [SAFE]: Query safety is maintained by requiring validation and applying strict resource limits like
--max-rowsand--max-bytes.
Audit Metadata