databases

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill provides extensive templates for MongoDB and SQL queries. If an AI agent uses these templates to process untrusted user input, it creates an injection surface.
      • Ingestion points: User-provided search terms, filters, and document fields interpolated into queries in references/mongodb-crud.md and SKILL.md.
      • Boundary markers: Absent in the provided templates; there are no instructions to the agent on how to delimit data from query logic.
      • Capability inventory: The skill enables full database access via MongoClient, psycopg2, and CLI tools like psql and mongosh.
      • Sanitization: The templates do not demonstrate the use of parameterized queries or input validation, making them susceptible to manipulation by malicious data.
  • [Command Execution] (LOW): SKILL.md and references/mongodb-atlas.md include instructions for executing administrative commands such as sudo apt-get and sudo systemctl. While standard for database installation, these instructions encourage the agent to operate in a high-privilege environment.
  • [Metadata Poisoning] (LOW): The scripts/requirements.txt file claims there are no Python package dependencies. However, the test file scripts/tests/test_db_migrate.py clearly indicates that the migration script depends on external libraries such as pymongo and psycopg2 for database connectivity. This misleading metadata could bypass automated dependency checks that look for high-risk packages.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:25 PM