byted-bytehouse-ai-query

Audited by Snyk on May 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and uses externally-hosted knowledge-base content: users add text or files via scripts/add_content_to_kb.py and scripts/upload_file_to_kb.py, the content is queried by scripts/search_knowledge_base.py, and the resulting knowledgeBaseIDs are passed to the Text2SQL API in scripts/text2sql.py. Untrusted, user-provided KB content fetched from the ByteHouse API can therefore directly influence SQL generation and tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime requests to the Text2SQL API endpoint (e.g. https://<BYTEHOUSE_HOST>/matrix/v1/conversation) and consumes the streamed response as SQL which is then executed, so fetched remote content directly controls instructions/commands executed by the agent.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 7, 2026, 07:25 AM
  • Issues: 2