database-tools

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill uses hardcoded passwords in its connection and user management examples.
  • The environment variable PGPASSWORD=secret is explicitly used in the PostgreSQL connection example.
  • The SQL command CREATE USER newuser WITH PASSWORD 'secret' is included in the user management section.
  • [DATA_EXFILTRATION]: The skill provides commands to access sensitive system log files that may contain sensitive database activity or credentials.
  • It utilizes tail -f /var/log/postgresql/postgresql.log to monitor slow queries, which is a path to sensitive system logs.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution to perform its primary functions.
  • It executes sqlite3, psql, pg_dump, and system utilities like ls and tail via shell subprocesses.
  • [PROMPT_INJECTION]: The skill has a large attack surface for indirect prompt injection via untrusted database content.
  • Ingestion points: Untrusted data enters the agent context through database query results (e.g., sqlite3 my.db "SELECT * FROM users;").
  • Boundary markers: There are no delimiters or instructions provided to the agent to treat database content as untrusted or to ignore embedded instructions.
  • Capability inventory: The skill has extensive capabilities including shell command execution (sqlite3, psql), file system access (ls, tail), and database administrative functions.
  • Sanitization: No evidence of sanitization or validation of data retrieved from the database is present before the agent processes it.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 1, 2026, 05:10 AM