The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The SKILL.md file contains literal hardcoded passwords ('secure_password') in the setup instructions for PostgreSQL and MySQL replication users. While provided as examples, they appear as literal strings in role creation commands.
[COMMAND_EXECUTION]: The scripts 'setup_replication.sh' and 'failover.sh' utilize a .sh file extension despite containing Python 3 source code. This mismatch between extension and content is a deceptive practice regarding the script's execution environment.
[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8). Ingestion points: The script 'scripts/failover.sh' recursively reads and parses JSON content from user-specified directories. Boundary markers: No delimiters or isolation instructions are present to separate untrusted data from agent logic. Capability inventory: The agent is configured with access to database CLI tools and file system manipulation tools. Sanitization: Data ingested from the processed files is loaded into memory without validation or sanitization.

managing-database-replication