langchain4j-tool-function-calling-patterns

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION]: The skill documents patterns for building tools that read potentially sensitive information from databases and external REST APIs. Presented as functional examples, these patterns become a data exposure surface if implemented without per-caller authorization inside the tool.
    • Evidence: references/examples.md and references/implementation-patterns.md contain examples of a database lookup tool (getUserById) and an API integration tool (getStockPrice).
  • [COMMAND_EXECUTION]: The instructions describe how to implement tools that execute database commands or complex logic. The documentation explicitly includes a pattern for a tool that accepts raw SQL text from the LLM and executes it, which is a high-privilege capability.
    • Evidence: The DatabaseService example in references/examples.md includes an "Execute read query on database" tool that takes a raw string and runs it as a SQL query.
  • [PROMPT_INJECTION] (Indirect Prompt Injection Surface): The skill defines a large surface for indirect prompt injection, because every @Tool parameter is filled in by the LLM, whose output can be steered by untrusted content it has read earlier in the conversation.
    • Ingestion points: Parameters of methods annotated with @Tool (e.g., the location parameter in WeatherService or the query parameter in DatabaseService) across SKILL.md and the reference documentation.
    • Boundary markers: The examples lack explicit boundary markers or delimiters to isolate model- or user-controlled data within the tool logic and in the results returned to the model, although the documentation provides general advice on input sanitization.
    • Capability inventory: Patterns include tools for database manipulation (updateEmail), access to sensitive data (getSensitiveData), and external web requests via WebClient.
    • Sanitization: The skill recommends input sanitization in its security considerations and provides basic validation examples, such as checking that SQL queries start with the 'SELECT' keyword. A keyword-prefix check is not an authorization boundary: a SELECT can still read any table the connection can reach, and where the driver executes stacked statements anything after a semicolon runs as well.
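As an added illustration (not code from the audited skill and not langchain4j's own example code), the following Java sketch places the raw-SQL tool pattern the audit flags next to a hardened tool that lets the model choose *which* lookup to run but never the SQL text or the acting principal. The class, table and role names (DatabaseTools, UserLookupTools, users, "support") are assumed for the illustration; the langchain4j annotations @Tool and @P and the JDBC calls are real.

```java
import dev.langchain4j.agent.tool.P;
import dev.langchain4j.agent.tool.Tool;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Set;

/**
 * Constructed example: the flagged raw-SQL tool beside a hardened lookup tool.
 * Class, table and role names are assumptions made for this illustration.
 */
public class ToolHardeningExample {

    /** The flagged pattern: the model supplies the SQL text itself. */
    public static class DatabaseTools {
        private final Connection conn;

        public DatabaseTools(Connection conn) { this.conn = conn; }

        @Tool("Execute read query on database")
        public String executeReadQuery(@P("SQL query") String query) throws SQLException {
            // A keyword-prefix check is not an authorization boundary:
            //  - "SELECT password_hash FROM users" passes and reads any reachable table.
            //  - "SELECT 1; DELETE FROM users" passes and, where the driver executes
            //    stacked statements, is not read-only at all.
            if (!query.trim().toUpperCase().startsWith("SELECT")) {
                throw new IllegalArgumentException("Only SELECT queries are allowed");
            }
            try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(query)) {
                return render(rs);
            }
        }
    }

    /** Hardened: fixed query, typed parameter, caller-scoped authorization, read-only connection. */
    public static class UserLookupTools {
        private final Connection conn;
        private final String callerId;        // set by the application per request, never by the model
        private final Set<String> callerRoles;

        public UserLookupTools(Connection conn, String callerId, Set<String> callerRoles) throws SQLException {
            // setReadOnly is only a hint in some drivers; pair it with a DB account that has SELECT grants only.
            conn.setReadOnly(true);
            this.conn = conn;
            this.callerId = callerId;
            this.callerRoles = callerRoles;
        }

        @Tool("Look up the email address of a user by numeric id")
        public String getUserEmail(@P("numeric user id") long userId) throws SQLException {
            // Authorization is decided from the application-supplied principal, not from tool input.
            boolean allowed = callerRoles.contains("support") || String.valueOf(userId).equals(callerId);
            if (!allowed) {
                return "not authorized";   // returned to the model as data, not thrown: no stack trace leaks
            }
            String sql = "SELECT email FROM users WHERE id = ?";   // query text is fixed at compile time
            try (PreparedStatement ps = conn.prepareStatement(sql)) {
                ps.setLong(1, userId);
                try (ResultSet rs = ps.executeQuery()) {
                    // Wrap the result in an explicit boundary so the model treats it as data, not instructions.
                    return "<db_result>" + (rs.next() ? rs.getString(1) : "no such user") + "</db_result>";
                }
            }
        }
    }

    /** Renders a result set as one line per row; used only by the flagged tool above. */
    private static String render(ResultSet rs) throws SQLException {
        ResultSetMetaData md = rs.getMetaData();
        int cols = md.getColumnCount();
        StringBuilder sb = new StringBuilder();
        while (rs.next()) {
            for (int i = 1; i <= cols; i++) {
                sb.append(md.getColumnName(i)).append('=').append(rs.getString(i)).append(i < cols ? ", " : "\n");
            }
        }
        return sb.toString();
    }
}
```

Either class is registered with langchain4j the usual way, for example `AiServices.builder(Assistant.class).chatLanguageModel(model).tools(new UserLookupTools(conn, callerId, roles)).build()` (Assistant is the application's own service interface). The design point is that the principal and the query shape are fixed by the application before the model is involved; the model only supplies a typed argument that a PreparedStatement binds as data.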
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 07:09 AM