exasol-bucketfs

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: In the 'Typical Use Cases' section, the skill provides a Python UDF example that uses pickle.load() to deserialize a model file retrieved from BucketFS. Unpickling is unsafe for untrusted input: a malicious file can execute arbitrary code during deserialization.
  • [CREDENTIALS_UNSAFE]: The skill documents the structure of the ~/.exapump/config.toml file, which is used to store sensitive connection details such as password, bfs_write_password, and bfs_read_password in plain text. Storing secrets unencrypted on the file system increases the risk of credential theft if the local environment is compromised.
  • [COMMAND_EXECUTION]: The skill facilitates management of the BucketFS file system through the exapump CLI tool. This involves executing system commands for operations like listing, copying, and deleting files, so the skill interacts with the underlying shell environment through the vendor-provided utility.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 03:50 AM