The Agent Skills Directory

[SAFE]: No malicious patterns or security vulnerabilities were detected in the skill files. The skill implements read-only operations for system introspection and diagnostics. All external references target official IBM documentation.
[DATA_EXFILTRATION]: The skill manages database credentials securely by using environment variables (${DB2i_HOST}, ${DB2i_USER}, ${DB2i_PASS}) in the tools/ifs.yaml configuration. The use of ignore-unauthorized: true for the database connection source disables SSL certificate validation, which is a common practice in internal network environments but reduces transport security.
[COMMAND_EXECUTION]: SQL queries within tools/ifs.yaml use parameter markers (e.g., :path, :limit) for user-supplied input, which follow best practices for preventing SQL injection during command execution.
[PROMPT_INJECTION]: The skill includes functionality to read raw file content from the system via the read_ifs_file tool in tools/ifs.yaml. This creates a surface for indirect prompt injection where instructions stored in files could influence agent behavior.
Ingestion points: The read_ifs_file tool retrieves data from files on the IBM i Integrated File System.
Boundary markers: No delimiters or instructions to ignore embedded commands are used when interpolating file content into the prompt context.
Capability inventory: The skill's capabilities are limited to executing read-only SQL queries on the connected IBM i system.
Sanitization: No evidence of sanitization or validation of the file content before presentation to the agent was found.

ifs