duckdb-sql
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Automated scanning confirmed a piped remote execution pattern: curl -fsSL https://install.duckdb.org | sh. This allows unverified code to be executed directly in the user shell with their current permissions.
- [EXTERNAL_DOWNLOADS] (HIGH): The remote script is fetched from duckdb.org, which is not a Trusted External Source according to the defined policy, meaning the download itself carries high severity.
- [COMMAND_EXECUTION] (MEDIUM): The skill generates SQL queries for the duckdb CLI. This functionality provides a path for command execution and local filesystem interaction through the database engine's capabilities.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection via the processing of untrusted data files.
- Ingestion points: Local .csv, .parquet, and .ddb files processed for schema inference as described in README.md.
- Boundary markers: Absent from the documentation.
- Capability inventory: Shell-based CLI execution via the duckdb binary.
- Sanitization: No sanitization or verification of data-sourced schema metadata is mentioned.
Recommendations
- HIGH: Downloads and executes remote code from: https://install.duckdb.org - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata