skills/alemar11/skills/postgres/Gen Agent Trust Hub

postgres

Fail

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's Cargo.lock file is poisoned with non-existent versions of standard Rust crates, including serde (1.0.228), tokio (1.52.0), reqwest (0.12.28), and anyhow (1.0.102). These versions significantly exceed the currently available releases in the official registry.
  • [REMOTE_CODE_EXECUTION]: The dependency graph in Cargo.lock has been manipulated to inject suspicious and unverifiable crates into the trees of well-known libraries. For example, serde_json is configured to depend on a non-standard crate named zmij, and serde depends on serde_core, neither of which is a legitimate dependency of the official libraries. This is a characteristic pattern of a sophisticated supply chain attack.
  • [EXTERNAL_DOWNLOADS]: The configuration directs the Rust package manager to download and execute code from these poisoned versions, posing a severe risk of arbitrary code execution on the host system during the build or update process.
  • [COMMAND_EXECUTION]: The skill provides an interface to execute arbitrary SQL and manages local files (migrations) using a CLI built with the compromised dependencies, creating a direct path for the poisoned code to interact with the database and filesystem.
  • [SAFE]: The skill source code includes standard security practices such as masking database passwords in logs and requiring confirmation for destructive operations, but these are secondary to the underlying compromise of the dependency tree.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 9, 2026, 03:30 AM