ladybugdb

Fail

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to download an installation script from 'https://install.ladybugdb.com' and pipe it directly into the shell using 'curl | bash' in 'SKILL.md' and 'references/cli.md'. This method executes remote code without verification, posing a severe risk if the source or transport is compromised.
  • [COMMAND_EXECUTION]: The documentation details the use of the 'lbug' CLI tool and Docker containers to manage databases, which involves running system-level commands. Evidence: 'lbug' CLI examples in 'references/cli.md' and 'docker run' patterns in 'references/explorer.md'.
  • [CREDENTIALS_UNSAFE]: The skill provides instructions for users to handle sensitive secrets in plaintext within database queries and environment variables. Evidence: Cypher 'SET' examples for 'openai_api_key' and 'google_api_key' in 'references/llm-embeddings.md', and database passwords in 'references/attach.md'.
  • [DATA_EXFILTRATION]: The 'COPY TO' command facilitates the transfer of database contents to external locations, including cloud storage buckets and local file paths. Evidence: Export examples for S3, GCS, and Azure in 'references/export.md'.
  • [EXTERNAL_DOWNLOADS]: The skill references a wide range of external packages and libraries across different ecosystems (npm, PyPI, Go, Maven, Cargo) to be downloaded from public registries without integrity verification. Evidence: Dependency installation commands found in 'references/python.md', 'references/nodejs.md', and 'references/go.md'.
  • [PROMPT_INJECTION]: The skill exhibits surfaces for indirect prompt injection as it ingests data from external sources and possesses extensive system capabilities. 1. Ingestion points: 'COPY FROM' and 'ATTACH' operations. 2. Boundary markers: Absent. 3. Capability inventory: File system writes, network requests, and CLI command execution. 4. Sanitization: No evidence of input sanitization or validation of external content.
Recommendations
  • HIGH: Downloads and executes remote code from: https://install.ladybugdb.com - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 19, 2026, 08:49 AM