cloudbase-document-database-web-sdk

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill enables an AI agent to query and modify an external database, which is a prime surface for indirect prompt injection attacks. Specifically, it enables capabilities that allow retrieved untrusted data to influence the agent's next steps while possessing write access to the same data source.
    • Ingestion points: Data is brought into the agent's context through get(), aggregate(), and watch() methods as seen in SKILL.md, aggregation.md, and realtime.md.
    • Boundary markers: Absent. There are no instructions or delimiters provided to help the agent separate data from potential commands within the retrieved documents.
    • Capability inventory: The skill includes write and delete capabilities (add(), update(), delete()) as documented in SKILL.md, allowing for persistent side effects based on untrusted input.
    • Sanitization: Absent. No logic is provided to sanitize or validate database content before it is processed by the agent.
  • [Unverifiable Dependencies] (MEDIUM): The skill utilizes the @cloudbase/js-sdk package (referenced in SKILL.md). This dependency is not from an organization on the explicitly trusted external sources list.
  • [Data Exfiltration] (LOW): The skill performs network requests to cloudbase.net domains for database operations. While this is the intended functionality, these domains are not on the analyzer's whitelist for network operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 08:55 PM