postgres-cli

Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The launcher script scripts/postgres-cli uses exec to run platform-specific binaries located in scripts/bin/. It also falls back to cargo run if binaries are missing, which involves building and executing code from the local repository.
  • [REMOTE_CODE_EXECUTION]: The script scripts/refresh-binaries-from-release.sh downloads executable binaries from GitHub releases using the gh CLI tool, applies chmod +x, and places them into the execution path used by the agent.
  • [COMMAND_EXECUTION]: The script scripts/build-release-binary.sh performs local compilation of source code into executable binaries using rustup and cargo build --release, subsequently moving them to the scripts/bin/ directory.
  • [COMMAND_EXECUTION]: The setup guide references/SETUP.md instructs the user to append environment variable exports and path modifications to ~/.zshrc, which is a common persistence and environment manipulation vector.
  • [DATA_EXFILTRATION]: The skill manages database credentials through environment variables (PGPASSWORD_APP, DATABASE_URL_APP) and local configuration files (.agents/postgres-cli/.env), which could be targeted by other scripts or components despite instructions to the agent not to read them directly.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data returned from database queries via postgres-cli query and displays it to the agent. Malicious data inside the database could be crafted to influence agent behavior through its output.
      • Ingestion points: SQL query results and introspection data returned via scripts/postgres-cli (SKILL.md, references/SETUP.md).
      • Boundary markers: Not present. The agent reads raw JSON/text output from the database command.
      • Capability inventory: Execution of scripts/postgres-cli (subprocess), file writing (via --output), and building source (via cargo run).
      • Sanitization: No explicit sanitization of database output is performed before it is presented to the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 11, 2026, 01:46 PM