exasol-udfs

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill defines patterns for User Defined Functions (UDFs) that ingest and process database records, which creates an indirect prompt injection surface.
  • Ingestion points: Database columns are accessed via ctx.input and ctx.get_dataframe() as documented in SKILL.md and references/udf-python.md.
  • Boundary markers: No explicit boundary markers or "ignore instructions" warnings are provided in the code templates to separate untrusted data from processing logic.
  • Capability inventory: UDF environments allow arbitrary code execution (Python, Java, R) and file system access via BucketFS.
  • Sanitization: Examples demonstrate basic regex-based cleaning (re.sub), but the skill does not provide comprehensive input validation or sanitization guidelines for external data.
- [REMOTE_CODE_EXECUTION]: The documentation describes patterns for dynamic execution and package management.
  • Unsafe deserialization: Examples in references/udf-python.md use pickle.load() to deserialize machine learning models from BucketFS. This is a potential arbitrary code execution vector if the model files are sourced from untrusted locations.
  • Custom containers: The skill provides instructions for building custom Docker containers using exaslct, which involves executing arbitrary RUN commands and installing remote packages, as shown in references/slc-reference.md.
- [COMMAND_EXECUTION]: The documentation references the exaslct CLI tool and various shell commands for building, exporting, and deploying script language containers to the Exasol cluster. These operations require appropriate system permissions and involve subprocess execution.
- [EXTERNAL_DOWNLOADS]: The skill references official vendor repositories on GitHub and standard package registries including PyPI, CRAN, and Conda for acquiring libraries and development tools. These are documented as part of the legitimate vendor ecosystem.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 10:13 AM