The Agent Skills Directory

COMMAND_EXECUTION (HIGH): The template 'templates/text2sql.py' converts natural language user input into SQL queries using an LLM and executes them on the database. Although it includes a manual confirmation step and a basic read-only check ('is_readonly_sql'), this pattern is highly vulnerable to AI-generated malicious queries that could bypass simple filters to leak sensitive information or perform unauthorized operations.
PROMPT_INJECTION (HIGH): The skill demonstrates significant Indirect Prompt Injection surfaces (Category 8) in 'templates/rag.py' and 'templates/memory_lib.py'.
Ingestion points: Untrusted data is retrieved from TiDB tables ('chunks', 'memories') and used to build prompts.
Boundary markers: The prompt construction in 'memory_lib.py' (using string join) and 'rag.py' (using format) lacks robust delimiters or 'ignore' instructions for the retrieved content.
Capability inventory: The agent uses retrieved data to influence decision-making and assistant responses.
Sanitization: No sanitization, escaping, or validation is performed on the database-retrieved strings before they are interpolated into the final system or user prompts.
EXTERNAL_DOWNLOADS (LOW): Multiple guides (guides/quickstart.md, guides/custom-embedding.md, guides/demos.md) recommend the installation of external Python packages (pytidb, litellm, FlagEmbedding) and the download of remote embedding models from providers like HuggingFace, OpenAI, and Jina AI.

pytidb