motherduck-explore
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration attempts were detected in the skill instructions or provided code examples.
- [DATA_EXPOSURE]: The skill is designed to discover and preview database content. It correctly recommends using
process.env.MOTHERDUCK_TOKENfor authentication, which is a standard security best practice for managing secrets. - [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes data from external sources (MotherDuck database catalogs and table content).
- Ingestion points: Data entering the context via catalog queries (
duckdb_tables,duckdb_columns) and row previews. - Boundary markers: None identified in the provided templates.
- Capability inventory: The skill uses SQL query tools (
query,query_rw) to interact with the database. - Sanitization: No specific sanitization or filtering of database-returned strings is mentioned. While this is a common risk for data-exploration skills, users should be aware that the agent could theoretically be influenced by malicious content stored within database metadata or table rows.
Audit Metadata