motherduck-enable-self-serve-analytics
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected due to untrusted data processing. \n
- Ingestion points: The skill ingests database schema metadata and row content from external MotherDuck instances via tools such as
motherduck-exploreandmotherduck-query(as described in SKILL.md and SELF_SERVE_ROLLOUT_GUIDE.md). \n - Boundary markers: The instructions lack explicit delimiters or "ignore instructions" directives to prevent the agent from being influenced by malicious content embedded in database metadata or table values. \n
- Capability inventory: The skill possesses significant capabilities, including creating database views (
motherduck-model-data), generating visualization assets (motherduck-create-dive), and sharing data access boundaries (motherduck-share-data). \n - Sanitization: No sanitization, validation, or escaping logic is defined for data retrieved from external sources before it is interpolated into the prompt context.
Audit Metadata