bookstrap-query
Fail
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing shell commands that interpolate user-supplied natural language questions directly into a Bash command line: python scripts/generate-embedding.py --text "$user_question". This pattern is vulnerable to arbitrary command execution if the user input contains shell metacharacters such as backticks or semicolons.
- [CREDENTIALS_UNSAFE]: The example command for database access contains hardcoded administrative credentials (--user root --pass root) for the SurrealDB instance.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the database and user input without defined boundary markers or sanitization.
  * Ingestion points: User questions and database content (section content, source titles) processed in SKILL.md.
  * Boundary markers: Absent in implementation examples.
  * Capability inventory: Bash (shell execution) and Read (file access).
  * Sanitization: No sanitization or validation of external content is described before interpolation into prompts or shell commands.
- [COMMAND_EXECUTION]: The skill performs dynamic construction of database queries based on natural language parsing. Without robust sanitization, this allows for potential database query injection attacks where a malicious user could craft a question that executes unauthorized SurrealDB operations.
Recommendations
- AI detected serious security threats
Audit Metadata