read-file
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE [PROMPT_INJECTION] [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION]
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests data from untrusted external files and provides the content to the agent for analysis.
  - Ingestion points: External data files (local or remote) resolved in SKILL.md and read via the read_any macro.
  - Boundary markers: Absent. No delimiters or instructions are used to separate data from instructions.
  - Capability inventory: Bash tool access for subprocess calls (find, git, duckdb) and file-write operations (appending to state.sql) in SKILL.md.
  - Sanitization: Absent. External data is processed directly by DuckDB and then described by the agent.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs DuckDB extensions at runtime. While most are official core extensions, it also references a community extension for GCS support from a third-party GitHub repository (northpolesec/duckdb-gcs).
- [COMMAND_EXECUTION]: The skill executes shell commands via Bash, including find for local file resolution and duckdb for data processing. User-provided filenames are incorporated into these commands.
Audit Metadata