Skills
skills/motherduckdb/agent-skills/motherduck-load-data/Gen Agent Trust Hub

motherduck-load-data

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a comprehensive guide for data ingestion into MotherDuck, providing legitimate patterns for using DuckDB's native capabilities.
  • [DATA_EXPOSURE]: The skill provides instructions for managing cloud storage credentials (S3, GCS, Azure) using standard practices such as environment variables and the CREATE SECRET SQL syntax. All examples use non-sensitive placeholders (e.g., 'AKIA...', 'GOOG...').
  • [EXTERNAL_DOWNLOADS]: The skill references standard and well-known libraries for database interaction, including Python packages (duckdb, psycopg, dlt) and Node.js packages (@duckdb/node-api, pg).
  • [INDIRECT_PROMPT_INJECTION]: The skill defines a large ingestion surface for processing untrusted external data.
  • Ingestion points: Data enters the system via read_csv, read_json, read_parquet, delta_scan, iceberg_scan, and ATTACH commands described in references/INGESTION_PATTERNS.md.
  • Boundary markers: No specific delimiters or prompt-level instructions are provided to the agent to ignore instructions embedded within the data, though the workflow recommends landing data into 'raw' staging tables first.
  • Capability inventory: The skill enables the agent to perform extensive database operations (CREATE, INSERT, ATTACH), file system access (reading and exporting data via COPY TO), and network operations (connecting to cloud providers and external databases).
  • Sanitization: The skill relies on DuckDB's internal parsers and mentions the ignore_errors parameter for handling malformed CSV data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 06:31 PM