The Agent Skills Directory

[SAFE]: The skill provides instructional content and SQL templates for environment introspection within the MotherDuck platform. No malicious patterns or unauthorized data access were detected.
[COMMAND_EXECUTION]: Includes SQL queries for inspecting database aliases and shares (e.g., MD_ALL_DATABASES, MD_INFORMATION_SCHEMA in references/SECURITY_GOVERNANCE_PLAYBOOK.md). These are standard introspection tools for the database environment and are used for governance validation as intended by the skill's purpose.
[DATA_EXFILTRATION]: Refers to the official vendor contact address (security@motherduck.com) for legitimate compliance requests. This is a trusted vendor resource and does not constitute a security risk.
[PROMPT_INJECTION]: The skill ingests metadata from database introspection results (Ingestion points: results from MD_ALL_DATABASES and MD_INFORMATION_SCHEMA). Boundary markers are absent in the provided playbook. Capability inventory includes SQL execution within the workspace. Sanitization of metadata results is absent. The vulnerability surface is limited as the data is used for architectural assessment rather than driving higher-privileged system operations.

security-governance