skills/duckdb/duckdb-skills/query/Gen Agent Trust Hub

query

Fail

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The execution logic in Step 6 uses find "$PWD" -name "", which is susceptible to command injection if the filename is manipulated to include shell metacharacters or find-specific execution flags.
  • [COMMAND_EXECUTION]: In Step 5, session mode uses duckdb -c "". This pattern allows for potential shell command injection if the SQL query string is not correctly escaped when interpolated into the command line.
  • [EXTERNAL_DOWNLOADS]: The skill uses /duckdb-skills:install-duckdb to manage the installation of the DuckDB binary, fetching and executing code from an external vendor-controlled resource.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external files.
      1. Ingestion points: Data files (CSV, Parquet, etc.) accessed in Steps 4 and 5.
      2. Boundary markers: None present; the instructions do not include delimiters or warnings to ignore instructions within the data.
      3. Capability inventory: Execution of Bash commands and DuckDB SQL queries with file-system access.
      4. Sanitization: Ad-hoc mode uses enable_external_access=false and allowed_paths, but session mode and error handling paths lack these security controls.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 20, 2026, 02:45 PM