relational-database-web-cloudbase

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of the @cloudbase/js-sdk package via npm. This dependency is not from the predefined list of trusted organizations and is referenced without a specific version lock, increasing the risk of supply chain attacks or the inclusion of malicious code if the registry is compromised.
  • [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to indirect prompt injection because it allows the agent to ingest and process content from a database without proper sanitization or boundary markers, while also granting the agent the ability to modify that data.
      • Ingestion points: Data retrieved from the database via db.from().select(), as seen in Scenarios 1 and 2.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat external database content as untrusted data.
      • Capability inventory: The skill provides full CRUD capabilities (Insert, Update, Delete) via the db.from().insert(), db.from().update(), and db.from().delete() methods, allowing potentially injected instructions to execute state-changing operations.
      • Sanitization: There is no evidence of data sanitization, schema validation, or output filtering to mitigate the risk of instructions embedded in the database records.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 01:37 PM