install-duckdb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md) runs DuckDB commands like "INSTALL FROM ;" for name@repo arguments—causing the agent to fetch and load extensions from arbitrary external repositories (and it also uses curl to https://duckdb.org/data/latest_stable_version.txt for version checks), so untrusted third‑party content can be retrieved and materially affect runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill, at runtime, fetches https://duckdb.org/data/latest_stable_version.txt to decide whether to prompt for an upgrade and (if the user agrees) runs the documented upgrade/install command curl -fsSL https://install.duckdb.org | sh which downloads and executes remote code, so these URLs are runtime dependencies that can execute remote code.