databases

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes Python scripts that execute system commands and SQL queries to perform its functions.
      * scripts/db_backup.py uses subprocess.run and subprocess.Popen to call database tools like mongodump and pg_dump. It correctly uses argument lists rather than shell strings to prevent shell injection.
      * scripts/db_migrate.py executes user-defined SQL migrations against the target database as core functionality.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes data from external sources.
      * Ingestion points: scripts/db_performance_check.py reads query logs from the database; scripts/db_migrate.py reads migration definitions from local JSON files.
      * Boundary markers: Not explicitly used in the scripts' output to the agent.
      * Capability inventory: The skill has the ability to execute system commands and database queries across its utility scripts.
      * Sanitization: Data read from the database is processed for reporting without specific sanitization filters for LLM instructions.
    These findings are associated with the primary skill purpose and do not indicate malicious intent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 03:17 AM