Security Audit
googlebigquery-automation
Source: github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
googlebigquery-automation received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are Potential SQL Injection via Raw SQL Query Parameter (high) and Excessive Data Access Permissions (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential SQL Injection via Raw SQL Query Parameter.** The skill provides the `METABASE_POST_API_DATASET` tool, which allows executing raw SQL queries via the `native.query` parameter. If the LLM constructs this query string directly from untrusted user input without proper sanitization or parameterization, it could lead to SQL injection. While the skill documentation mentions `template_tags` for safe parameterization, it also explicitly allows a 'Raw SQL string', creating a direct path for injection if the LLM does not strictly adhere to parameterized queries for user-controlled input. Instruct the LLM to *always* use `template_tags` for parameterization when user input is involved in constructing SQL queries. Add a strong warning in the skill documentation emphasizing the dangers of directly embedding untrusted input into the `native.query` string. Consider whether direct raw SQL execution without parameterization is strictly necessary, or whether all user-provided values can be forced through `template_tags`. | LLM | SKILL.md:49 |
| MEDIUM | **Excessive Data Access Permissions.** The skill grants broad capabilities to query and explore BigQuery data through Metabase, including running arbitrary native SQL queries and retrieving full database schema metadata. While this is the intended functionality of a database automation skill, it means that if the LLM is compromised or misused, it has extensive access to potentially sensitive data. The scope of access is determined by the Metabase connection's permissions, which are inherited by this skill. Ensure that the Metabase instance connected to BigQuery operates with the principle of least privilege. Only grant the permissions necessary for the intended use cases. Implement robust access controls and monitoring on the Metabase side. Instruct the LLM to be cautious about what data it queries and to whom it exposes the results. | LLM | SKILL.md:1 |
Full report: https://skillshield.io/report/49cdc7b47b5991f3
Powered by SkillShield