skills/ysm-dev/skills/duckdb-cli/Gen Agent Trust Hub

duckdb-cli

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill facilitates the execution of arbitrary SQL commands through the duckdb CLI using the -c flag and dot commands like .read. This grants the agent significant control over the local environment.
  • [EXTERNAL_DOWNLOADS] (LOW): The INSTALL and LOAD commands allow the dynamic downloading and execution of binary extensions (e.g., httpfs, spatial, vss) from DuckDB's remote extension repository. While standard for this tool, it represents a mechanism for loading external executable content.
  • [DATA_EXFILTRATION] (LOW): Through the httpfs extension, the skill can access remote resources via HTTP/S and S3. This, combined with the ability to read local files (e.g., SELECT * FROM 'secret.txt'), creates a potential path for data exposure or exfiltration through the agent's output.
  • [DATA_EXFILTRATION] (LOW): The COPY TO and .output commands allow writing data to any accessible file path on the host system, posing a risk of unauthorized data modification or overwriting of sensitive system files if the agent is run with high privileges.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest and process external, untrusted data formats like CSV, JSON, and Parquet. It lacks explicit boundary markers or sanitization instructions to prevent the agent from potentially interpreting malicious instructions embedded within the data it is analyzing.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 10:21 AM