database-reliability

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation in references/skill-deep-dive.md contains several administrative shell commands intended for database operations. These include service management (systemctl start mysql), file ownership changes (chown), and process termination (kill -9 $(pgrep mysqld)) used for testing failover scenarios. It also contains a dd command used to simulate disk exhaustion during chaos engineering exercises. These are legitimate tools for the described DRE role and are not used maliciously or hidden from the user.
  • [DATA_EXFILTRATION]: A code snippet in the backup verification runbook uses curl to send restore duration metrics to a user-provided $METRICS_ENDPOINT. This is a standard monitoring practice for tracking system health and does not represent an unauthorized attempt to exfiltrate sensitive data.
  • [SAFE]: The skill contains SQL examples for security incident response, such as rotating user passwords and auditing privileges. These examples use placeholders (e.g., <new-strong-password>) and promote best practices for securing database environments. The skill also processes data from system tables (e.g., information_schema.processlist), which is an indirect prompt injection surface; however, the impact is minimal as the data is used for diagnostic purposes within a controlled administrative context.
    Mandatory Evidence for Indirect Prompt Injection Surface:
    1. Ingestion points: references/skill-deep-dive.md (SQL queries reading system logs and process lists).
    2. Boundary markers: Absent.
    3. Capability inventory: SQL execution and administrative shell access.
    4. Sanitization: Implicitly handled by the database engine's structure.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 01:39 AM