cap-apps-sql-query
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill uses AIClient to generate SQL from natural-language input, which is then executed via SqlClient. This is a vulnerability surface for indirect prompt injection.
  1. Ingestion points: the question input to AIClient.text_to_sql (SKILL.md).
  2. Boundary markers: absent; no delimiters or instructions to ignore embedded commands are present in the documentation.
  3. Capability inventory: SqlClient.get executes raw SQL against datasets mapped in manifest.json (SKILL.md).
  4. Sanitization: no sanitization, validation, or structural checks of the resulting SQL string are shown before execution.
- [DATA_EXFILTRATION]: Maliciously crafted questions could influence the generated SQL query to access or expose records from datasets beyond the user's intended scope or authorization level.
Audit Metadata