skills/cipherstash/stack/stash-forge/Gen Agent Trust Hub

stash-forge

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses database connection strings, such as the DATABASE_URL environment variable, to connect to the user's PostgreSQL database for extension management.
  • [EXTERNAL_DOWNLOADS]: The install and upgrade CLI commands include a --latest flag that triggers the download of SQL scripts from GitHub repositories.
  • [COMMAND_EXECUTION]: The skill executes SQL migrations directly against the configured database and dynamically loads local TypeScript configuration files (stash.config.ts) during runtime.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection.
      1. Ingestion points: The agent context ingests potentially untrusted data from stash.config.ts, environment variables, and user-provided inputs in the init wizard.
      2. Boundary markers: The documentation does not specify the use of delimiters to isolate these configuration inputs from the agent's instructions.
      3. Capability inventory: The skill can execute SQL commands via EQLInstaller.install, write configuration data to the database using the push command, and write files to the local file system during the init process.
      4. Sanitization: While Zod is used for configuration validation, there is no mention of sanitization or filtering of external inputs to prevent prompt-based attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 11:56 AM