schema-auto-tagger

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to interact with the Treasure Data command-line tool (tdx). It invokes tdx auth show in schema_auto_tagger_implementation.py to retrieve API keys and uses tdx tables and tdx show schema in workflow_scripts/scan_schema.py to collect database metadata. These operations are essential for the skill's core functionality and use standard platform utilities.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to the official Treasure Data API (api.treasuredata.com) to manage policy tags and sends notifications to user-configured Slack webhooks in workflow_scripts/send_notification.py. These connections target well-known services and are core to the skill's intended purpose.
  • [PROMPT_INJECTION]: The skill reads column names and descriptions from database schemas, which serves as an indirect input surface. However, the analysis logic relies on static regular expressions in schema_auto_tagger_implementation.py and schema_tagger_rules.yaml to generate suggestions, rather than interpreting the data as instructions, effectively mitigating the risk of injection.
  • [CREDENTIALS_UNSAFE]: Security best practices are followed for credential management. Secrets such as TD_API_KEY and SLACK_WEBHOOK are retrieved from environment variables or workflow secrets, and the documentation provides clear instructions on using .env files and secure secret storage.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 31, 2026, 06:54 AM