langchain4j-rag-implementation-patterns

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: Multiple examples in the reference files (references/examples.md, references/references.md) contain hardcoded credentials. Specifically, the Neo4j configuration uses .withBasicAuth("bolt://localhost:7687", "neo4j", "password") and the PostgreSQL configuration includes .user("postgres") and .password("password"). Although these are placeholder values in documentation, they represent a potential security risk if adopted directly into production environments.
  • [DATA_EXFILTRATION]: The skill implements a data pipeline that reads local filesystem data via FileSystemDocumentLoader and transmits that data to well-known external services, including OpenAI for embedding generation and various vector databases (Pinecone, Weaviate, etc.) for storage. This is a standard RAG pattern, but it facilitates the transfer of local content to third-party cloud environments.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It establishes a workflow where untrusted data is ingested from the filesystem (FileSystemDocumentLoader in SKILL.md and references/examples.md) and interpolated into AI prompts (KnowledgeAssistant system message in SKILL.md). The implementation lacks boundary markers or explicit instructions directing the agent to ignore instructions embedded within the retrieved context, allowing external document content to potentially influence agent behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 07:09 AM