
spice-ai

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it processes natural language for database and tool operations. Ingestion points: untrusted data enters the system through the /v1/nsql query parameter and the chat completion messages. Boundary markers: the configuration examples include no delimiters or specific instructions that isolate user input from the system prompt. Capability inventory: the skill allows direct SQL execution, persistent memory storage and retrieval, web search via external providers, and MCP tool execution. Sanitization: no input sanitization or validation of the LLM-generated SQL is documented.
  • [Command Execution] (LOW): The NSQL feature translates natural language into SQL and executes it against local or remote datasets. This is a primary feature of the skill, but it carries an inherent risk of data manipulation if the model is compromised.
  • [Data Exposure & Exfiltration] (LOW): The integration of web search tools and MCP endpoints enables the agent to transmit data to external services (e.g., Perplexity) or to local networked tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 06:37 AM