postgres-pro

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill's documentation (EXAMPLES.md and REFERENCE.md) frequently instructs the agent to use sudo for high-risk operations, such as sudo rm -rf /var/lib/postgresql/14/main/* and sudo systemctl stop postgresql. Granting an AI agent the ability to execute these commands with elevated privileges presents a high risk of privilege escalation and accidental or intentional system destruction.
  • [COMMAND_EXECUTION] (MEDIUM): The provided Python script scripts/backup_pg.py is vulnerable to SQL injection in the _create_database method. It uses an f-string to interpolate the database variable directly into a SQL statement: f"CREATE DATABASE {database};". If an attacker can control the database name, they can execute arbitrary SQL. Furthermore, the use of subprocess.run with formatted strings for file paths and database names across several methods creates a surface for command and argument injection.
  • [CREDENTIALS_UNSAFE] (LOW): The backup script and documentation handle database credentials. While the script uses the PGPASSWORD environment variable to pass secrets to PostgreSQL utilities (which is safer than command-line arguments), it still processes raw passwords and includes placeholders like password="your_password", which could lead to accidental exposure.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references and suggests the installation of several external PostgreSQL extensions (e.g., pg_cron, pg_partman, pgvector). These represent third-party dependencies that are not inherently malicious but increase the attack surface of the target environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:25 PM