The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The fallback execution instructions in SKILL.md contain a hardcoded PostgreSQL connection string: postgresql://kbuser:TestPassword123!@localhost:5433/knowledgebase. This exposes a plaintext password (TestPassword123!) in the skill's source code.
[COMMAND_EXECUTION]: The skill provides a block of JavaScript code for the agent to execute if MCP tools are unavailable. This script utilizes the pg library to manually establish a network connection to a local database and perform SQL queries, bypassing standard safety layers.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its handling of data from an external database.
Ingestion points: The skill fetches and renders data from the public.plans and public.stories tables (fields such as title, summary, and plan_slug).
Boundary markers: There are no delimiters or explicit instructions to ignore potentially malicious content within the fetched data.
Capability inventory: The skill possesses the capability to query databases and format complex Markdown responses.
Sanitization: No escaping, filtering, or validation is applied to the data retrieved from the database before it is interpolated into the agent's output.

roadmap