etl-duckdb
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Privilege Escalation] (HIGH): The skill instructs the agent to use
powershell -ExecutionPolicy BypassinSKILL.md. This command explicitly disables host-level security protections designed to prevent the execution of untrusted or unsigned scripts on Windows systems. - [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process external files from the
datadirectory (CSV/XLSX). Since the processing logic includes shell and Python execution, it constitutes a high-risk surface where malicious data in those files could be used to execute arbitrary commands or influence agent behavior. (Evidence: 1. Ingestion point:datafolder; 2. Boundary markers: Absent; 3. Capability inventory: PowerShell and Python execution; 4. Sanitization: Absent). - [Unverifiable Dependencies] (MEDIUM): The PowerShell script executes
tools/hvdc_ops.py, which is not included in the provided file list. This prevents a complete audit of the code being executed and its handling of external data. - [Obfuscation] (LOW): The
SKILL.mdfile contains the string '以묐떒' (Korean for 'stop' or 'interruption'). While likely a UI status indicator, the use of non-standard characters in instruction sets can be a technique used to evade simple string-matching security filters.
Recommendations
- AI detected serious security threats
Audit Metadata