managing-data-catalogs
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official Docker images for Apache Hive and Project Nessie, as well as standard extensions for DuckDB. These resources originate from well-known and trusted technology organizations.
- [COMMAND_EXECUTION]: Provides routine administrative commands for initializing database schemas, managing containers, and attaching external data sources in DuckDB. All commands are standard for the operations described.
- [CREDENTIALS_UNSAFE]: The documentation and code snippets use clear placeholder values (e.g., 'user:pass', 'tabular-token-...') for demonstration purposes. It includes explicit warnings and best practices to use secure alternatives like environment variables and AWS IAM roles.
- [INDIRECT_PROMPT_INJECTION]: The skill outlines the use of metadata discovery tools (DataHub, OpenMetadata) which ingest data from external catalogs. While this ingestion process presents a surface for indirect prompt injection (e.g., via malicious table comments in a source system), the skill provides standard industry patterns for these integrations.
Audit Metadata