dlt-skill

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
  • PROMPT_INJECTION
  • COMMAND_EXECUTION
  • EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill's core function is to generate and run dlt pipelines (Python code) from user-provided descriptions of APIs and databases, so any value that reaches those descriptions can end up inside code the agent executes. This is a significant surface for indirect prompt injection.
      • Ingestion points: data entering the agent context via user requests describing source endpoints, authentication, and schemas.
      • Boundary markers: absent. The templates do not tell the agent how to delimit or escape user-provided values when interpolating them into code scaffolds.
      • Capability inventory: the generated code has network access for API extraction and file-system access for state and config management; the scripts also use subprocess for package management.
      • Sanitization: absent. Nothing validates connection strings, URLs, or parameter names before they are embedded in executable code.
  • [COMMAND_EXECUTION] (MEDIUM): scripts/install_packages.py and scripts/open_dashboard.py execute system-level commands with subprocess.run. install_packages.py appends a user-influenced destination string to the package installation command (dlt[<destination>]). Passing the command as a list of arguments mitigates shell injection, but without strict validation of that string a crafted value can still change what pip installs (a comma-separated value, for example, requests several extras at once), leading to unintended package extras or exposure to package-manager vulnerabilities.
  • [EXTERNAL_DOWNLOADS] (LOW): The documentation (references/verified-sources.md) references dlt init, which downloads verified source code from external GitHub repositories. Although these come from a known organization, executing downloaded code is still a dependency risk; the fetched source should be reviewed before it is run.
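The two higher-rated findings above (unvalidated values interpolated into code scaffolds, and a user-influenced destination appended to the pip command) share one fix: validate the value against what the generated artifact actually needs before it is embedded. The block below is an added example written for this audit, not the dlt-skill's own code; the function names, the destination allowlist and the scaffold text are assumptions made for illustration, and the hostile inputs in the main block are constructed.

```python
"""Added example (not the dlt-skill's own code): validate user-influenced
values before they reach a pip command or a generated pipeline scaffold.
Function names, the destination allowlist and the scaffold text are
assumptions made for illustration."""
import ast
import keyword
import re
import sys
from urllib.parse import urlsplit

# Assumed allowlist of destination extras the skill is willing to install.
KNOWN_DESTINATIONS = frozenset({"duckdb", "postgres", "bigquery", "snowflake", "filesystem"})
_EXTRA_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")  # one bare extra: no ',', ']', spaces


def is_safe_destination(dest: str) -> bool:
    """Exactly one known extra: rejects 'duckdb,snowflake' (extra extras)
    and anything that would alter the requirement spec, e.g. 'duckdb]>=0'."""
    return bool(_EXTRA_RE.fullmatch(dest)) and dest in KNOWN_DESTINATIONS


def pip_install_command(dest: str) -> list[str]:
    """argv for installing dlt with one validated extra. A list passed to
    subprocess.run (no shell=True) stops shell injection; the allowlist
    stops unintended extras or specifiers reaching the requirement string."""
    if not is_safe_destination(dest):
        raise ValueError(f"unsupported destination: {dest!r}")
    return [sys.executable, "-m", "pip", "install", f"dlt[{dest}]"]


def is_safe_identifier(name: str) -> bool:
    """Only a plain, non-keyword Python identifier may become a function
    or parameter name in generated code."""
    return name.isidentifier() and not keyword.iskeyword(name)


def is_safe_base_url(url: str) -> bool:
    """https only, with a host, no embedded credentials and no whitespace."""
    p = urlsplit(url)
    return (p.scheme == "https" and bool(p.hostname) and p.username is None
            and p.password is None and url == url.strip() and "\n" not in url)


def render_source_scaffold(resource_name: str, base_url: str, param_name: str) -> str:
    """Interpolate only validated values. Identifiers are checked, and every
    string goes through repr() so quotes or newlines in a value cannot close
    the literal and append statements to the generated module."""
    if not (is_safe_identifier(resource_name) and is_safe_identifier(param_name)):
        raise ValueError("resource and parameter names must be plain identifiers")
    if not is_safe_base_url(base_url):
        raise ValueError(f"unsupported base URL: {base_url!r}")
    return (
        "import dlt\n"
        "import requests\n\n"
        f"@dlt.resource(name={resource_name!r})\n"
        f"def {resource_name}({param_name}: str):\n"
        f"    yield requests.get({base_url!r}, params={{{param_name!r}: {param_name}}}).json()\n"
    )


def scaffold_statement_count(src: str) -> int:
    """Parse the generated module and count top-level statements. A valid
    scaffold has exactly three (two imports, one function); an injected
    statement would raise the count or make parsing fail."""
    return len(ast.parse(src).body)


if __name__ == "__main__":
    print(pip_install_command("duckdb"))
    src = render_source_scaffold("users", "https://api.example.com/users", "page")
    print(src)
    print("top-level statements:", scaffold_statement_count(src))
    # Constructed hostile inputs that the checks reject:
    for bad in ("duckdb,snowflake", "duckdb]>=0", "duckdb; rm -rf /"):
        print(repr(bad), "->", is_safe_destination(bad))
    print(is_safe_identifier("users'); import os; os.system('id"))
```

The allowlist is the important part for the install script: list-form argv already prevents the shell from interpreting the value, but pip itself still parses `dlt[...]`, so the check has to be on the requirement syntax, not the shell. For the scaffold, `ast.parse` on the finished text is a cheap final gate before anything is written to disk or executed.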
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 11:20 PM