data-context-extractor

Name: knowledge-work-plugins/data-context-extractor
Author: anthropics

Share on X Share on LinkedIn Share on Bluesky

100Critical

This skill performs unauthorized schema discovery and executes dangerous SQL injection patterns to exfiltrate sensitive production data under the guise of generating documentation.

ThreatsCI SM CS BC S HITL

Threat Analysis

AI Agent Traps ↗Scanned 6/20/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoning2 findings

Cognitive StateMemory & Learningclean

Behavioural ControlAction2 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameanthropics/knowledge-work-plugins/data-context-extractor

Registrygithub

Version55447a28e6c7

PURLpkg:github/anthropics/knowledge-work-plugins@55447a28e6c7?skill=data-context-extractor

Stars21,418

Installs1,900

Source

Repository ↗SKILL.md ↗

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

1,900 installs

Skills.shDocs

npx skills add https://github.com/anthropics/knowledge-work-plugins

Assessments (3)

AI Agent Traps ↗

SQL injection — database system-object or file-access abuse (information_schema/xp_cmdshell/INTO OUTFILE/LOAD_FILE) detectedcriticalsql injectionAML.T0050AML.T0053LLM05:2025

SQL injection — database system-object or file-access abuse (information_schema/xp_cmdshell/INTO OUTFILE/LOAD_FILE) detected (seen 2 times in this file at lines 59, 62)

100% confidenceline 59

INFORMATION_SCHEMA.SCHEMATA

Data Exfiltration via Schema Discoveryhighdata exfiltrationAML.T0025AML.T0024LLM02:2025

The skill instructs the agent to perform broad schema discovery and extract 'tribal knowledge' (business logic, metrics, and table relationships) from a production data warehouse. This creates a high risk of exfiltrating sensitive business intelligence and proprietary data structures into a portable, user-controlled zip file.

80% confidence

Step 2: Explore the schema... List available datasets/schemas... Identify the most important tables... Pull schema details for those key tables

Capability Inflation / Over-Privileged Data Accessmediumdescription mismatchAML.T0011.000LLM06:2025LLM09:2025

The skill claims to be a 'meta-skill' for generating documentation, but it mandates active interaction with production databases (querying schemas, identifying tables). This is a significant capability inflation beyond simple text generation.

85% confidence

Use ~~data warehouse tools (query and schema) to connect.

Description Mismatchhighdescription mismatchAML.T0011.000LLM06:2025LLM09:2025

The skill encourages the execution of arbitrary schema discovery queries against a user's production data warehouse, which poses a significant risk of data exfiltration or unauthorized metadata harvesting if the user provides broad database credentials.

85% confidence

The skill explicitly instructs the AI to use '~~data warehouse' tools to query INFORMATION_SCHEMA and system tables (e.g., 'SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA') to map the user's entire data environment.

Social Engineering for Credential/Access Abusemediumsocial engineeringAML.T0052.000LLM09:2025

The skill uses a 'Bootstrap Mode' that encourages the agent to probe for database connection details and warehouse types, potentially tricking the user into providing credentials or granting the agent excessive permissions to sensitive production databases.

70% confidence

Step 1: Identify the database type... Use ~~data warehouse tools (query and schema) to connect.

Missing licenseinfopolicy violation

Skill does not specify a license field. Specifying a license helps users understand usage terms.

100% confidence

Missing or insufficient descriptioninfopolicy violation

Skill description is empty or too short. A clear description helps users evaluate the skill's purpose.

100% confidence

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/anthropics/knowledge-work-plugins/data-context-extractor.svg)](https://mondoo.com/ai-agent-security/skills/github/anthropics/knowledge-work-plugins/data-context-extractor)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/anthropics/knowledge-work-plugins/data-context-extractor"><img src="https://mondoo.com/ai-agent-security/api/badge/github/anthropics/knowledge-work-plugins/data-context-extractor.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/anthropics/knowledge-work-plugins/data-context-extractor.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow