data-analysis
Warn
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/analyze.py` is vulnerable to SQL injection. It constructs SQL queries by directly interpolating file paths and Excel sheet names into f-strings without escaping (e.g., in `_load_excel` and `_load_csv`). An attacker could provide a file with a crafted name (e.g., `data.csv'); [SQL_PAYLOAD] --`) to execute arbitrary SQL commands within DuckDB, which has built-in capabilities to read and write files.
- [EXTERNAL_DOWNLOADS]: The script dynamically installs the `duckdb` and `openpyxl` Python packages from the official PyPI registry using `pip` at runtime if they are missing.
- [EXTERNAL_DOWNLOADS]: The script uses DuckDB's `INSTALL spatial; LOAD spatial;` commands, which fetch the spatial extension from DuckDB's official remote servers during initialization.
- [REMOTE_CODE_EXECUTION]: The script utilizes `subprocess.run` to execute package installation commands and interacts with the DuckDB shell engine. The SQL injection vulnerability provides a mechanism for indirect execution of commands through DuckDB's extended SQL functionality.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through malicious file metadata.
  - Ingestion points: User-uploaded file paths in `/mnt/user-data/uploads/` and internal Excel sheet names.
  - Boundary markers: None; data is directly interpolated into command strings.
  - Capability inventory: Execution of arbitrary SQL, file read/write access via DuckDB, and shell command execution for package management.
  - Sanitization: Partial regex-based sanitization is applied to table names, but the script fails to sanitize or escape the file paths and sheet names used in SQL queries.
Audit Metadata