data-engineering-catalogs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains multiple examples that embed credentials directly (e.g., JDBC URLs with user:pass, postgresql.password, ACCESS_KEY_ID 'AKIA...', token='tabular-token-...'), which instructs or models including secrets verbatim in commands/configs and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md and duckdb-multisource.md) explicitly instructs the agent to ATTACH and query external sources such as arbitrary Postgres URLs (ATTACH 'postgres://user:pass@host...'), Unity Catalog endpoints (e.g., 'https://api.tabular.io'), S3/Delta/Iceberg catalogs and then build unified views over their data, meaning untrusted, user-provided third‑party content is ingested and directly used to drive queries and validation logic.