Security Audit
analyzing-marketing-campaign
github.com/https-deeplearning-ai/sc-agent-skills-filesTrust Assessment
analyzing-marketing-campaign received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential SQL Injection in BigQuery Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit d3e7b4f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential SQL Injection in BigQuery Execution The skill directs the agent to accept a date range from a user and use it to construct a SQL query for the `bigquery:execute_sql` tool. The provided example query and instructions do not enforce the use of parameterized queries. This creates a significant risk of SQL Injection, where a malicious user could craft an input string to alter the query's logic, potentially leading to unauthorized data access or exfiltration from the BigQuery table. Update the skill instructions to explicitly require the use of parameterized queries. Instead of showing string-formatted dates, provide an example that uses placeholders (e.g., `WHERE date BETWEEN @start_date AND @end_date`) and instruct the agent to pass the parsed user-provided dates as parameters to the `bigquery:execute_sql` tool. | Static | SKILL.md:36 |
Scan History
Embed Code
[](https://skillshield.io/report/03001918b9362265)
Powered by SkillShield