The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill possesses a broad capability to read and modify local files (SQL, TS, code) to enforce naming conventions. This creates an attack surface where malicious instructions embedded in the processed files could influence the agent.
Ingestion points: Processes local files provided by the user or found via glob_file in the local directory.
Boundary markers: The skill lacks explicit instructions to treat file content as untrusted data or use delimiters to prevent instruction leakage.
Capability inventory: Includes edit_file with limit=-1 (global replacement) and file discovery tools, allowing for wide-reaching file system modifications.
Sanitization: No sanitization of the extracted "table names" or content is performed before processing or writing back to the disk.
[COMMAND_EXECUTION] (SAFE): While the skill uses file system tools like edit_file and glob_file, these are restricted to the local environment and are used for their intended purpose of code maintenance. No unauthorized or privileged commands (like sudo) are present.

db-table-best-practice