chdb-datastore

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Because the prompt's connection examples embed plaintext credentials and URI auth (e.g., user="root", password="pass" and mysql://root:pass@...), it encourages generating code/commands that include secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to ingest data from arbitrary external sources — e.g., DataStore.from_url("https://...") and DataStore.from_s3 / DataStore.uri for HTTP(S), S3 and other public URIs are documented in references/connectors.md, examples/examples.md and SKILL.md — so untrusted third‑party content can be fetched and used to drive analysis and subsequent actions.