chdb-sql

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext credentials directly in connection strings (e.g., "mysql(..., 'root', 'pass')"), which instructs the agent to produce code/commands containing secret values verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's documentation and required workflow explicitly show querying external, untrusted sources (e.g., references/table-functions.md and SKILL.md demonstrate url('https://...'), s3(...) and mysql()/postgresql() table functions), so the agent will fetch and interpret arbitrary third‑party web/cloud/DB content as part of its normal queries, which could materially influence subsequent actions.