jeecg-system

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM

CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [CREDENTIALS_UNSAFE]: The file scripts/system_utils.py contains a hardcoded signing secret _SIGN_SECRET = 'dd05f1c54d63749eda95f9fa6d49v442a'. This secret is used to generate signatures for specific JeecgBoot API requests (SQL table dictionaries). Hardcoding secrets in scripts is a security risk because they can be easily extracted.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection.
      • Ingestion points: Data ingested from the JeecgBoot backend via functions like query_roles, query_users, and query_depts in scripts/system_utils.py.
      • Boundary markers: None identified. Data retrieved from the API is directly printed to the console or stored in JSON files without delimiters.
      • Capability inventory: The skill can perform network operations via urllib.request and local file writes via argparse and json in scripts/system_creator.py.
      • Sanitization: No sanitization or validation of the content returned by the API is performed before it is presented to the agent context.
  • [EXTERNAL_DOWNLOADS]: The scripts scripts/system_creator.py and scripts/system_utils.py perform network requests to an external API base URL provided by the user. While this is the intended functionality for managing a JeecgBoot instance, it represents a network communication surface.
  • [COMMAND_EXECUTION]: The documentation in SKILL.md instructs the agent to execute local Python scripts (scripts/system_creator.py) via the command line to perform system operations. This gives the agent the ability to run the provided scripts with arbitrary parameters.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 29, 2026, 12:28 AM