duckdb-en
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents various command-line arguments and dot commands for the DuckDB CLI, including the ability to run SQL queries directly (`-c`), execute scripts from files (`-f`, `.read`), and access an external editor (`.edit`).
- [DATA_EXFILTRATION]: The skill provides instructions for exporting data to files via the `COPY` command and dot commands like `.output`, which could be used to write sensitive information to attacker-controlled locations or local files.
- [PROMPT_INJECTION]: The skill facilitates the processing of untrusted external data, creating a surface for indirect prompt injection.
  - Ingestion points: The documentation in `SKILL.md` shows how to read CSV, Parquet, and JSON files using functions like `read_csv_auto` and `read_json_auto`.
  - Boundary markers: No specific boundary markers or instructions are provided to help the agent distinguish between data and potentially malicious instructions embedded within these files.
  - Capability inventory: DuckDB possesses capabilities for file system access (read/write) and shell command execution (evidenced by the mention of the `.sh` command in the Safe Mode description in `SKILL.md`).
  - Sanitization: There are no sanitization or validation steps described for the data being ingested.
- [NO_CODE]: This skill is entirely comprised of markdown documentation and does not contain any executable code files or scripts.
Audit Metadata