data-engineering-catalogs

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The file duckdb-multisource.md contains a hardcoded connection string postgres://user:pass@localhost:5432/source_db. Although these appear to be placeholders, hardcoding credentials in connection strings is a high-risk pattern.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill executes INSTALL commands for several DuckDB extensions (httpfs, postgres, delta, iceberg, ducklake). This triggers the download and execution of remote binaries at runtime.
  • [COMMAND_EXECUTION] (LOW): The skill provides the capability to execute arbitrary SQL commands via con.execute. This includes file system access (catalog.duckdb) and network connections to S3 and remote databases.
  • [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill creates a surface for indirect prompt injection by ingesting data from untrusted external sources (Postgres, S3, Iceberg) via unified views. If an agent processes the output of these views, malicious content in the source data could influence agent behavior.
      • Ingestion points: duckdb-multisource.md (via ATTACH and CREATE VIEW from S3 and Postgres).
      • Boundary markers: None present in SQL queries.
      • Capability inventory: con.execute for SQL execution and database management.
      • Sanitization: No sanitization or filtering of external data content is implemented.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:52 AM