motherduck-create-flight
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's primary purpose is to create and manage 'MotherDuck Flights', which are Python scripts executed on MotherDuck's remote infrastructure. This is the intended functionality of the platform service being integrated.
- [COMMAND_EXECUTION]: Documentation notes that the remote execution environment allows shell commands via
subprocessand package management viaapt-get installfor dependencies likegitorffmpeg. - [EXTERNAL_DOWNLOADS]: Provided templates include examples of fetching data from well-known services, such as the GitHub API, and downloading configuration or datasets from S3 buckets.
- [PROMPT_INJECTION]: The skill includes explicit security instructions for the agent to validate all user-supplied SQL identifiers (databases, schemas, tables) against a restrictive regular expression (
[A-Za-z_][A-Za-z0-9_]*) before use in DDL operations, mitigating potential injection attacks. - [CREDENTIALS_UNSAFE]: The instructions mandate the use of the platform's internal secrets management system (
TYPE flightssecrets) for sensitive credentials, ensuring they are injected as environment variables at runtime rather than hardcoded in source code.
Audit Metadata