The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The scripts 'scripts/database_connection_test.py' and 'scripts/stored_procedure_deployer.py' pass database passwords as command-line arguments. In 'check_mysql', the password is appended as '-p{password}', and in 'check_sqlserver', it uses '-P {password}'. This exposes credentials to any user or process monitoring the system's process list.
[COMMAND_EXECUTION]: The skill uses 'subprocess.run' to execute 'psql', 'mysql', and 'sqlcmd' client binaries. While it uses list-based arguments to prevent shell injection, the skill's primary function is to execute arbitrary SQL code provided by the user, representing a high-capability attack surface if the input is malicious.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through SQL files or user-provided descriptions. Ingestion points: SQL files in 'scripts/stored_procedure_deployer.py' and procedure descriptions in user prompts. Boundary markers: The skill lacks explicit boundary markers or instructions to ignore embedded instructions in the processed SQL files. Capability inventory: Extensive database access via 'psql', 'mysql', and 'sqlcmd' binaries, plus file write capabilities via 'allowed-tools' in 'SKILL.md'. Sanitization: Static syntax validation is performed in 'scripts/stored_procedure_syntax_validator.py', but this does not prevent the execution of logically malicious SQL (e.g., data exfiltration or table destruction).

generating-stored-procedures