build-cfa-app

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Instructions in SKILL.md guide the user to run provided Python and TypeScript artifacts using the uv tool for local demonstration.
  • [EXTERNAL_DOWNLOADS]: The documentation suggests installing well-known, industry-standard packages from official registries, which is expected for the described application architecture.
  • [CREDENTIALS_UNSAFE]: Examples provided in the reference guides use environment variables and placeholders for secret management, adhering to security best practices.
  • [PROMPT_INJECTION]: The skill documents an architecture that executes client-provided SQL. It addresses the risk of indirect prompt injection by recommending per-customer database isolation and explicit query validation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 12:43 PM