data-engineering-storage-remote-access-integrations-duckdb

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed AWS/S3 credentials directly (e.g., SET s3_access_key_id='AKIA...'; SET s3_secret_access_key='...'; and os.environ assignments), which instructs placing secret values verbatim into commands/code and thus risks exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill demonstrates reading and querying arbitrary remote files (e.g., via HTTPFS read_parquet('s3://bucket/...'), read_csv('gs://bucket/...'), fsspec-registered filesystems, and HTTP endpoints) which ingests untrusted, user-provided content from public cloud storage/URLs into the agent's workflow.