convert-file

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically assembles a duckdb shell command by interpolating user-provided arguments ($0 and $1) directly into a SQL COPY statement string. This pattern is vulnerable to SQL injection; a filename containing single quotes (e.g., file'; SELECT * FROM secret_table; --) could break out of the string literal and execute arbitrary SQL commands within the DuckDB process.
  • [DATA_EXFILTRATION]: The skill enables network operations by loading the DuckDB httpfs extension and configuring cloud storage protocols (s3://, gs://, https://). While intended for data conversion, this capability provides a mechanism for reading and writing data across network boundaries, including potential exfiltration of local data to remote endpoints if instructed.
  • [PROMPT_INJECTION]: The skill creates an ingestion surface for indirect prompt injection by reading untrusted data files. Malicious content within these files could influence the agent's behavior when the skill reports metadata or success details back to the agent context.
      • Ingestion points: Reads input files using DuckDB's COPY (FROM ...) command (SKILL.md).
      • Boundary markers: None present; the skill does not use delimiters or warnings to isolate file content or metadata from the rest of the conversation.
      • Capability inventory: Uses the Bash tool to execute find, duckdb, and ls commands; performs network operations via httpfs (SKILL.md).
      • Sanitization: No escaping or validation is performed on the input file path or the content processed by DuckDB before being summarized in the report step.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 14, 2026, 01:38 PM