The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data in the form of database schemas or CREATE TABLE statements provided by the user to generate code. Ingestion points: Step 1 of the workflow in SKILL.md requires the user to provide database information or table schemas. Boundary markers: The skill instructions do not specify any delimiters or warnings to ignore malicious instructions that might be embedded within the user-provided schema. Capability inventory: The skill has the capability to output complex source code (Entity, Mapper, Service, Controller, DTO, etc.) which is intended to be written to the local filesystem. Sanitization: There is no mention of sanitizing or validating the schema input to ensure it does not contain malicious prompts or code injection strings.

mybatis-plus-generator