databases
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill facilitates the ingestion of data from external database records, which is a known attack surface for indirect prompt injection.
  - Ingestion points: Database query results retrieved via CLI tools or drivers as described in SKILL.md and references/mongodb-crud.md.
  - Boundary markers: None present in instructional examples to delimit untrusted database content from instructions.
  - Capability inventory: Shell access via psql and mongosh CLIs and migration scripts like db_migrate.py.
  - Sanitization: The provided documentation does not include logic for sanitizing or validating retrieved database content before processing.
- Privilege Escalation (SAFE): The documentation provides instructions for users to manually install software using sudo. This is a standard administrative task and not an automated or hidden privilege escalation attempt.
- Data Exposure & Exfiltration (SAFE): Connection string examples use generic placeholders such as 'user:pass'. No sensitive file access or hardcoded secrets were detected.
- Metadata Poisoning (SAFE): Skill metadata and documentation are consistent with the intended purpose of providing database management guidance.
Audit Metadata