The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill ingests untrusted SQL queries which could be influenced by external data. Evidence: (1) Ingestion points: SQL query string via --query argument in scripts/query.py. (2) Boundary markers: Client-side validation for SELECT/SHOW/EXPLAIN starts and single-statement enforcement. (3) Capability inventory: Executes queries on PostgreSQL databases via psycopg2. (4) Sanitization: Enforces server-side readonly=True sessions which provide primary protection against write operations.
[Data Exposure & Exfiltration] (SAFE): Credentials are stored locally in a config file; the skill includes security checks for restrictive file permissions (chmod 600) and validates them. Error messages are sanitized to prevent credential leaks. Network operations are limited to the user-configured database host.
[Remote Code Execution] (SAFE): No remote code downloads or dynamic execution patterns detected. Dependencies are standard and from trusted sources.

postgres