spatial
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the duckdb command-line utility for running spatial SQL queries and managing data processing workflows.
- [EXTERNAL_DOWNLOADS]: The skill fetches geographic datasets from the Overture Maps Foundation's official S3 repository (s3://overturemaps-us-west-2/). This is a well-known service for open map data.
- [EXTERNAL_DOWNLOADS]: The skill installs the spatial, httpfs, and h3 extensions from DuckDB's remote repositories to enable advanced spatial features and S3 connectivity.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests and processes spatial data from external files and remote sources. 1. Ingestion points: Data is read from local spatial files via ST_Read and from remote Parquet files on S3. 2. Boundary markers: The instructions do not provide explicit delimiters or warnings to separate data content from the agent's operational logic. 3. Capability inventory: The agent has access to the Bash tool and can write files to the local system using DuckDB's COPY command. 4. Sanitization: There is no evidence of data validation or content sanitization for the ingested spatial records.
Audit Metadata