The Agent Skills Directory

[Prompt Injection] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its data processing workflow. Evidence: (1) Ingestion points: The agent reads external source code, Prisma schemas, and database logs via the Read tool to identify optimization targets. (2) Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the instruction set. (3) Capability inventory: The skill allows Write, Edit, and Bash operations, providing a high-privilege execution environment for injected payloads. (4) Sanitization: There is no validation or filtering of the content being analyzed.
[Command Execution] (LOW): The skill requires Bash access to perform necessary query analysis tasks like EXPLAIN ANALYZE. While this is functional for the skill's purpose, the inclusion of this tool increases the risk profile when combined with the indirect injection surface.

optimizing-query-performance