chdb-datastore
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is developed by ClickHouse Inc. and acts as a wrapper for the legitimate chdb library. All external links and documentation point to verified official resources.
- [SAFE]: Static analysis flags regarding hardcoded credentials refer to standard placeholder values in documentation and examples (e.g., user="root", password="pass", access_key_id="AKIA..."). These are used for instructional purposes and do not represent actual secrets.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the chdb Python package from official repositories to function.
- [COMMAND_EXECUTION]: A local verification script, scripts/verify_install.py, is included to help users confirm their environment is correctly configured. The script performs benign checks such as version verification and basic data processing tests.
- [PROMPT_INJECTION]: The skill facilitates data ingestion from external sources, which presents an inherent surface for indirect prompt injection. 1. Ingestion points: External data enters through methods like from_file, from_s3, and from_mysql. 2. Boundary markers: No explicit instructions are provided to the agent to treat external data as untrusted content. 3. Capability inventory: The skill generates and executes SQL queries using the chdb engine. 4. Sanitization: Relies on the underlying data engine's standard parsing and query construction logic.
Audit Metadata