data-engineering-catalogs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains multiple examples that embed credentials directly (e.g., JDBC URLs with user:pass, postgresql.password, ACCESS_KEY_ID 'AKIA...', token='tabular-token-...'), which instructs or models including secrets verbatim in commands/configs and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's DuckDB multi-source pattern explicitly ATTACHes and queries external sources (e.g., ATTACH 'postgres://user:pass@host:5432/...', ATTACH/ENDPOINT 'https://api.tabular.io', and delta_scan('s3://bucket/...')), meaning it ingests and interprets data from arbitrary/untrusted third-party URLs/databases as part of its workflow.