database-migrations-sql-migrations
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The bash script template 'rollback_migration.sh' in 'sub-skills/implementation-playbook.md' uses unquoted shell variables such as '$DATABASE' and '$MIGRATION_VERSION' directly within psql commands. This creates an argument and command injection risk if these variables are populated with untrusted data.
- [DYNAMIC_EXECUTION]: Python implementation patterns in 'sub-skills/implementation-playbook.md', including the 'ParallelMigrator' and validation functions, construct SQL queries using f-strings for table and column names (e.g., 'SELECT COUNT(*) FROM {table['name']}'). Since database identifiers cannot be parameterized in standard drivers, this introduces a SQL injection vulnerability if identifier names originate from untrusted sources.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external requirements via '$ARGUMENTS' and has access to high-capability tools (Bash, Write, Edit) without sufficient security guardrails.
  - Ingestion points: The '$ARGUMENTS' variable in 'SKILL.md' allows user-provided migration specifications to influence agent actions.
  - Boundary markers: Absent; the skill does not instruct the agent to use delimiters or to ignore embedded instructions within the provided requirements.
  - Capability inventory: The skill is authorized to use 'Bash' for execution and 'Write'/'Edit' for file manipulation, which can be used to execute the potentially unsafe scripts it generates.
  - Sanitization: Absent; there are no instructions or template logic provided for validating or escaping external identifiers before they are used in shell or SQL contexts.
Audit Metadata