Directus Backend Architecture

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): SQL Injection in /analytics/:collection. The `group_by` variable, sourced directly from `req.query`, is interpolated into a `database.raw()` call without any sanitization or validation against a whitelist. Evidence: `database.raw(\`DATE_TRUNC('${group_by}', created_at) as period\`)` in `examples/custom-endpoint.ts`.
  • DATA_EXFILTRATION (HIGH): Authentication Bypass in /send-notification. Unlike the /batch-process endpoint, this route does not verify `req.accountability?.user`, allowing unauthenticated actors to send emails through the server's MailService.
  • DATA_EXFILTRATION (MEDIUM): HTML Injection in /send-notification. User-provided data from `req.body.data` is interpolated directly into HTML templates (e.g., welcome, alert, report) without escaping or sanitization. This can be used to perform phishing or stored XSS attacks against email recipients.
  • DATA_EXFILTRATION (LOW): Information Disclosure in /health. The endpoint returns detailed environment metrics including `process.memoryUsage()` and `process.uptime()`, which can be used for host footprinting.
Recommendations
  • AI detected serious security threats
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 11:59 PM