motherduck-create-dive
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses official MotherDuck domains (motherduckdb.com) and packages (@motherduck/react-sql-query), representing standard vendor functionality.
- [CREDENTIALS_UNSAFE]: The documentation actively promotes security by instructing against hardcoding admin tokens in the browser and recommending short-lived session tokens for embedded Dives.
- [COMMAND_EXECUTION]: SQL execution is scoped to the MotherDuck environment, with guidelines for validating queries and schemas prior to use.
- [PROMPT_INJECTION]: The skill manages data ingestion surfaces responsibly by providing templates for numeric validation (the 'N()' helper) and structured React rendering components to minimize injection risks.
Audit Metadata