The Agent Skills Directory

Dynamic Execution (MEDIUM): The skill provides Python patterns that construct SQL queries using string interpolation for column names and JSON field paths. This pattern is vulnerable to SQL injection if the keys or field names originate from untrusted sources. * Evidence in references/async-patterns.md: The update_item function joins dictionary keys directly into the SQL SET clause: ", ".join(f"{k} = ?" for k in updates.keys()). * Evidence in references/migration-patterns.md: The query_json_field and update_json_field functions interpolate the {field} variable directly into json_extract and json_set calls.
Indirect Prompt Injection (LOW): The skill handles untrusted data ingestion (database records) without providing clear boundary markers or sanitization patterns for structural elements (like column names). * Ingestion points: Input parameters in update_item and query_json_field (e.g., dictionary keys and field names). * Boundary markers: Absent in code patterns; there are no instructions to validate or escape structural metadata. * Capability inventory: The skill utilizes 'Read', 'Write', and 'Bash' tools across all scripts to manipulate files and execute database commands. * Sanitization: While query values are parameterized, structural metadata (keys/fields) are interpolated directly without sanitization.

sqlite-ops