The Agent Skills Directory

[PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to read and process untrusted SQL files from the local filesystem and git history, which could contain malicious instructions designed to manipulate the AI agent.
Ingestion points: SQL content is retrieved via read, glob, and the output of git diff in the documented workflow.
Boundary markers: The workflow does not specify explicit delimiters or "ignore instructions" markers to isolate the analyzed SQL content when passed to the agent or tools.
Capability inventory: The skill possesses capabilities including bash for shell command execution (git/dbt), file reading (read), and file listing (glob).
Sanitization: The skill utilizes altimate_core_check, which is explicitly documented to scan for and report various injection attacks (SQL, UNION, Jinja, template injection), providing a level of defensive analysis for the data being reviewed.
[COMMAND_EXECUTION]: Local Command Execution. The skill uses the bash tool to interact with the local repository environment.
Evidence: The workflow includes execution of git diff to identify changes and altimate-dbt compile to prepare models for analysis.
Context: These commands are used for standard development introspection and utilize vendor-provided utilities, aligning with the skill's purpose.

sql-review