relational-database-mcp-cloudbase

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill allows the agent to ingest untrusted data from an external relational database, creating a surface for indirect prompt injection.
      1. Ingestion points: Results from executeReadOnlySQL in SKILL.md.
      2. Boundary markers: Absent; no instructions provided for handling untrusted data from queries.
      3. Capability inventory: executeWriteSQL (data/schema modification) and writeSecurityRule (permission modification).
      4. Sanitization: Absent; no mention of sanitizing or escaping query results.
  • [Command Execution] (LOW): The executeWriteSQL tool enables arbitrary SQL execution, allowing for destructive operations such as table deletion and data modification.
  • [Privilege Escalation] (LOW): The writeSecurityRule tool provides the capability to modify access control lists and security policies for database tables.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:50 PM