cortex-classify-tutorial

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill uses web_fetch to retrieve documentation from docs.snowflake.com. While this is the official vendor documentation site, the domain is not included in the predefined list of trusted external sources.
  • PROMPT_INJECTION (LOW): The skill is designed to process unstructured customer reviews through an LLM-based classification function (CLASSIFY_TEXT). This creates an indirect prompt injection surface (Category 8) where malicious content within the data could attempt to influence the agent's behavior.
      • Ingestion points: REVIEW column from the classified_reviews table and other data processed in Lesson 1 through Lesson 4.
      • Boundary markers: None explicitly implemented to delimit untrusted review text from instructions.
      • Capability inventory: Execution of SQL via session.sql and LLM processing via snowflake.cortex.classify_text.
      • Sanitization: No sanitization or validation of the input text is mentioned before it is sent to the LLM function.
  • COMMAND_EXECUTION (LOW): The environment detection logic in SKILL.md suggests using the ACCOUNTADMIN role as a fallback. This is the highest privilege level in Snowflake; while common in learning scenarios, it represents a risk of privilege escalation if used in production environments.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 05:12 PM