motherduck-security-governance
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for security and governance education, promoting best practices such as using service accounts instead of personal tokens and keeping credentials in secure backend environments.
- [COMMAND_EXECUTION]: The skill provides SQL snippets for auditing databases and shares (e.g.,
MD_ALL_DATABASES(),MD_INFORMATION_SCHEMA.OWNED_SHARES). These are standard, read-only introspection queries used for governance validation within the platform environment. - [DATA_EXFILTRATION]: No data exfiltration patterns were detected. The skill references official contact points (security@motherduck.com) and public documentation (motherduck.com), which are consistent with the vendor's identity (motherduckdb).
- [PROMPT_INJECTION]: The instructions do not contain any attempt to override system prompts or bypass safety filters. Instead, it enforces a policy of verifying claims against public documentation before making compliance assertions.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute any remote scripts. It uses a defined tool (
ask_docs_question) for documentation retrieval.
Audit Metadata