duckdb
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches installation components from
https://install.duckdb.org, the official domain for the DuckDB project.\n- [REMOTE_CODE_EXECUTION]: The skill includes instructions to execute a script fromhttps://install.duckdb.orgdirectly in the shell. This is a standard installation method for this well-known database tool.\n- [COMMAND_EXECUTION]: Provides commands to install DuckDB via package managers such asbrew,conda,pip, andnpm, as well as commands for CLI usage.\n- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection.\n - Ingestion points: Reads data from files like
data.csv,users.parquet, andusers.json(referenced inSKILL.md).\n - Boundary markers: No delimiters or safety instructions are provided in the examples to mitigate instructions embedded within data files.\n
- Capability inventory: The
duckdbtool has the capability to execute SQL and interact with the local file system (documented inSKILL.md).\n - Sanitization: The provided examples do not demonstrate validation or sanitization of data processed by the database engine.
Recommendations
- HIGH: Downloads and executes remote code from: https://install.duckdb.org - DO NOT USE without thorough review
Audit Metadata