Etl Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward ETL SQL generator. The main risk is that the overwrite SQL it generates must be reviewed before anyone runs it.

Before installing, confirm you want a generator for ETL SQL rather than an executor. Review generated INSERT OVERWRITE statements carefully, especially target table names, affected partitions, date filters, and db_name/table_name values; use staging or a dry run before production. If using the table-name workflow, only allow schema lookups for tables you intend the agent to inspect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The documented ETL pattern uses INSERT OVERWRITE TABLE ... PARTITION(ds), which replaces target partition data and can cause unintended data loss or corruption if generated SQL is run against the wrong table, wrong partition set, or with malformed upstream logic. In an automation skill that generates runnable SQL, omitting an explicit warning and safer execution guidance increases the chance of destructive operator error.

VirusTotal

50/50 vendors flagged this skill as clean.
