database-optimizer
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Privilege Escalation] (HIGH): The skill contains instructions for the agent to execute 'sudo systemctl restart postgresql' and modify root-owned system configuration files in '/etc/postgresql/14/main/'. This provides a path for service disruption and unauthorized system-wide changes.
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect injection due to its core purpose of processing untrusted external data.
  - Ingestion points: Reads slow query logs, database activity statistics, and execution plans (EXPLAIN ANALYZE output) as seen in REFERENCE.md and SKILL.md.
  - Boundary markers: None. There are no delimiters or instructions to ignore embedded commands in the processed data.
  - Capability inventory: Includes system service management (systemctl), shell command execution (free, cat, df), and destructive database operations (DROP INDEX, REFRESH MATERIALIZED VIEW, ALTER TABLE) in REFERENCE.md and EXAMPLES.md.
  - Sanitization: None. The skill does not implement validation or escaping for the queries or logs it analyzes.
- [Command Execution] (MEDIUM): The skill utilizes raw shell commands via subprocesses to inspect system resources ('cat /proc/cpuinfo', 'free -h'). While intended for monitoring, these commands increase the attack surface if the agent is manipulated into executing arbitrary binaries.
Recommendations
- AI detected serious security threats
Audit Metadata