data-engineering-catalogs
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes commands for DuckDB to install and load various extensions (httpfs, postgres, delta, iceberg, ducklake) which are fetched from DuckDB's registry at runtime.
- [COMMAND_EXECUTION]: The skill provides bash commands for orchestrating a Hive Metastore environment using Docker and initializing relational database schemas with the schematool utility.
- [CREDENTIALS_UNSAFE]: Configuration examples for the Hive Metastore include hardcoded default credentials (username 'hive', password 'hive') which, while standard for local development tutorials, represent a potential risk if deployed in production.
- [PROMPT_INJECTION]: The skill establishes a surface for indirect prompt injection by demonstrating how to aggregate and query data from multiple untrusted external sources like PostgreSQL and S3 into a unified view.
- Ingestion points: The files SKILL.md and duckdb-multisource.md describe attaching external databases and scanning S3 storage locations.
- Boundary markers: No boundary markers or instructions to disregard embedded content are present in the provided SQL or Python snippets.
- Capability inventory: The skill utilizes duckdb.execute which allows for SQL execution, file system access via S3, and network connections to external databases.
- Sanitization: No data validation or sanitization logic is included for the data retrieved from the attached catalog sources.
Audit Metadata