surrealdb
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill scripts (doctor.py, schema.py, onboard.py, and check_upstream.py) use the subprocess module to invoke the 'surreal' and 'gh' CLI binaries. These operations are used for environment validation, version checks, and comparing local snapshots against upstream repository states.
- [EXTERNAL_DOWNLOADS]: The check_upstream.py script makes network requests to the GitHub API using the system 'gh' CLI to fetch commit and release data. Python dependencies (rich, websockets) are declared via PEP 723 inline metadata for automatic management by the 'uv' runner.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it ingests and processes data from external SurrealDB instances (e.g., table names during schema introspection).
  - Ingestion points: scripts/schema.py (fetches table metadata via 'INFO FOR DB'), scripts/doctor.py (verifies database existence).
  - Boundary markers: Absent in the resulting JSON output.
  - Capability inventory: Includes network operations (WebSockets) and local command execution (via subprocess).
  - Sanitization: The scripts implement proactive mitigation; specifically, schema.py uses a regex-based 'sanitize_identifier' function ([a-zA-Z][a-zA-Z0-9_]*) to validate identifiers before interpolating them into SurrealQL queries.
- [SAFE]: While SKILL.md claims 'no_file_write: true', the onboarding script includes a user-confirmed feature to generate a .env configuration file, and the schema script includes an optional export flag to save SurrealQL definitions to disk. These are standard developer utilities and are not considered malicious.