duckdb-en
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides many examples for executing system commands via the DuckDB CLI (e.g., duckdb -c), which is the primary intended functionality.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill's instructions for reading untrusted data files (CSV, Parquet, JSON) into the agent's context create an opportunity for indirect prompt injection.
  1. Ingestion points: SKILL.md (Quick Start, Data Conversion, Analysis Examples, Pipe and Stdin).
  2. Boundary markers: No explicit instructions or markers are provided to delimit external content or warn the agent about embedded instructions.
  3. Capability inventory: The skill enables command execution, file system access (read/write), and data transformation via the DuckDB CLI.
  4. Sanitization: No content validation or sanitization methods are mentioned for processed files.