The Agent Skills Directory

[Credentials Unsafe] (LOW): The file SKILL.md contains a hardcoded placeholder credential postgresql://monitor:pass@postgres:5432/postgres. While clearly a placeholder ('pass'), hardcoding passwords in documentation or examples can lead to accidental deployment of insecure defaults.
[Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and analyze data from PostgreSQL system tables which can contain attacker-controlled input.
Ingestion points: SQL query results from pg_stat_statements and pg_stat_activity as defined in SKILL.md and assets/monitoring-queries.sql.
Boundary markers: Absent. There are no delimiters or instructions to ignore instructions embedded within the database results.
Capability inventory: The skill allows the agent to execute SQL queries and interpret performance data.
Sanitization: None. Database objects (like table names) or query text stored in pg_stat_statements could be crafted to include malicious instructions that influence the agent's reasoning during the 'diagnose' operation.
[Command Execution] (LOW): The skill enables the execution of SQL commands. While intended for monitoring, if the underlying database connection lacks strict row-level security or uses a superuser account, it could be leveraged for unauthorized data access.

postgresql-monitoring