The Agent Skills Directory

[DYNAMIC_EXECUTION]: The BatchMigrator and ParallelMigrator classes in resources/implementation-playbook.md use f-strings to construct SQL queries (e.g., f"{source_query} ORDER BY {cursor_column} ..." and f"INSERT INTO v2_{table_name} ..."). This practice is vulnerable to SQL injection if identifiers are provided by an untrusted source.\n- [COMMAND_EXECUTION]: The rollback_migration.sh script executes shell commands including psql and pg_dump. While expected for database management, these commands provide direct interaction with the system and database environment.\n- [INDIRECT_PROMPT_INJECTION]: The skill's architecture for processing user-defined migration logic creates a surface for indirect injection vulnerability.\n
Ingestion points: User-provided database schema descriptions and migration requirements used to generate SQL logic.\n
Boundary markers: None identified in the instructions or templates.\n
Capability inventory: SQL execution capabilities through psycopg2, alembic op.execute, and the psql system client.\n
Sanitization: Inconsistent; the playbook demonstrates both secure parameterized queries and insecure string formatting for metadata identifiers.

database-migrations-sql-migrations