The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill possesses a vulnerability surface where untrusted data could influence agent behavior.
Ingestion points: User-provided inputs are ingested via the $ARGUMENTS variable in the instructions.
Boundary markers: Absent. The skill does not use delimiters or explicit instructions to treat $ARGUMENTS as data rather than instructions.
Capability inventory: The skill is granted Bash, Write, and Edit tool permissions, which could be exploited if an injection occurs.
Sanitization: Absent. There are no instructions for the agent to sanitize or validate the content of the arguments before processing them or using them to generate shell commands.

database-migrations-sql-migrations