duckdb-cli
Audited by Socket on Feb 19, 2026
1 alert found:
Malware [Skill Scanner] Instruction directing agent to run/execute external content

This skill documentation describes normal DuckDB CLI functionality. There is no embedded malicious code or obfuscation in the provided text. The main supply-chain consideration is the extension INSTALL mechanism (it downloads and executes extension code), which is expected but means users should only install trusted extensions. Reading arbitrary local files and remote URIs is normal for this tool but can expose sensitive data if misused. No indicators of credential-harvesting, backdoors, or covert exfiltration are present in the documentation itself.

LLM verification: The documentation itself is benign and aligns with DuckDB CLI functionality. There is no evidence of obfuscated or directly malicious code in the provided text. However, the documented capabilities (arbitrary file reads, recursive globs, remote URIs, and extension installation) create realistic operational risks: an agent or process with permission to execute DuckDB and install extensions can read sensitive files and exfiltrate data or install code that performs further malicious actions. Treat