altinity-expert-clickhouse-merges

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill ingests untrusted data from SQL query results which constitutes a surface for indirect prompt injection.
      • Ingestion points: Results from queries in checks.sql and the 'Too Many Parts' investigation block in SKILL.md.
      • Boundary markers: Absent; output is interpreted by the agent without specific delimiters or instructions to ignore embedded commands.
      • Capability inventory: Limited to SQL execution on the connected ClickHouse cluster. No evidence of shell access, network requests (curl/wget), or file system writes across any skill files.
      • Sanitization: Absent; the skill does not perform escaping or validation of the database metadata (e.g., table names) before processing.
  • COMMAND_EXECUTION (SAFE): The skill constructs SQL queries dynamically using placeholders for cluster and table names. This behavior is standard for diagnostic tools and is protected by mandatory LIMIT clauses and 24-hour time-bounds specified in the ad-hoc query guidelines.
  • SAFE (SAFE): No obfuscation, persistence mechanisms, hardcoded credentials, or unauthorized external download patterns were identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:42 PM