load-data
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a documentation resource for data ingestion workflows. It provides architectural guidance and SQL examples for moving data from local systems and cloud object stores into MotherDuck.
- [DATA_EXFILTRATION]: The skill describes how to handle credentials for S3, GCS, and Azure Blob Storage using
CREATE SECRETor environment variables. All examples use non-sensitive placeholders (e.g., 'AKIA...', 'GOOG...', '...') and follow security best practices for credential management. - [REMOTE_CODE_EXECUTION]: The provided references mention official and widely-used client libraries such as
duckdbfor Python and@duckdb/node-apifor Node.js. There are no instructions for executing unverified remote scripts or using dangerous system commands. - [PROMPT_INJECTION]: The skill handles external data ingestion (CSV, Parquet, JSON), which is its primary purpose. It provides instructions for schema validation, explicit casting, and error handling, which are standard security measures for processing untrusted data inputs.
- [COMMAND_EXECUTION]: While the skill mentions command-line operations for cloud authentication (e.g.,
gcloud,awsCLI), these are standard administrative tasks and do not involve unauthorized command injection or privilege escalation.
Audit Metadata