mysql-debug
Fail
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to automatically scan the project directory and the user's home directory for files containing credentials, specifically **/bootstrap-dev.yml, ~/.claude/mysql-config.json and ~/.cursor/mysql-config.json. Harvesting passwords from configuration files in this automated way allows the agent to gain unauthorized access to database systems.
- [COMMAND_EXECUTION]: The skill executes the mysql command-line utility via the shell and passes the password directly as a command-line argument using the -p'{password}' flag. This is an insecure practice: a password passed this way is visible in the system's process list, in shell history and in command-audit logs.
- [DATA_EXFILTRATION]: The core purpose of the skill is to query database records. Although the instructions include a whitelist of read-only operations, the underlying capability allows the agent to read, and potentially exfiltrate, sensitive data from any table the harvested credentials can reach, driven by parameters extracted from logs or user input.
- [PROMPT_INJECTION]: The safety constraints, such as the SQL whitelist and the 'Safe SQL Analysis' logic, are implemented purely as natural-language instructions in the skill file. They can be bypassed by a prompt injection attack that tricks the agent into executing blacklisted DML or DDL statements (e.g., DELETE or DROP).
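The COMMAND_EXECUTION and PROMPT_INJECTION findings translate directly into two controls. The Python below is added here as an illustration; it is not code from the mysql-debug skill or from the audit. It shows the audited invocation (password on argv) beside a hardened form that keeps the secret in a 0600 option file passed through the mysql client's real --defaults-extra-file option, and it moves the read-only whitelist out of prose and into a fail-closed gate. The host, user, database and password values are constructed sample input, and helper names such as write_option_file and gate_read_only are illustrative, not part of any library; the mysql binary is never executed, the functions only return the argv they would run.

```python
"""Added example, not code from the mysql-debug skill or the audit.

1. Keep the password off the command line: 0600 option file plus
   --defaults-extra-file (a real mysql client option; it must come first).
2. Enforce the read-only whitelist in code, fail-closed, not in prose.
Host, user, database and password values below are constructed input.
"""
import os
import re
import stat
import tempfile

# --- COMMAND_EXECUTION: secret on argv versus secret in a private option file

def unsafe_argv(host, user, password, database, sql):
    """The audited pattern: -p<password> shows up in `ps`, shell history and
    process-audit logs for as long as the process lives."""
    return ["mysql", "-h", host, "-u", user, f"-p{password}", database, "-e", sql]

def quote_option_value(value):
    """Double-quote an option-file value, escaping the two characters that are
    special inside a quoted value (backslash and double quote)."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def write_option_file(host, user, password, directory=None):
    """Create a [client] option file that only the current user can read.
    O_EXCL with mode 0600 means no other local account can open it, and a file
    pre-planted at that path makes the call fail rather than being reused."""
    directory = directory or tempfile.mkdtemp(prefix="mysql-debug-")
    path = os.path.join(directory, "client.cnf")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write("[client]\n")
        f.write(f"host={quote_option_value(host)}\n")
        f.write(f"user={quote_option_value(user)}\n")
        f.write(f"password={quote_option_value(password)}\n")
        # Defence in depth if the gate below is ever bypassed: refuse writes to
        # permanent tables for the whole session. The primary control remains
        # a database account that holds only SELECT on the tables the skill needs.
        f.write("init-command=SET SESSION TRANSACTION READ ONLY\n")
    return path

def read_option_file(path):
    with open(path) as f:
        return f.read()

def option_file_mode(path):
    """Permission bits of the option file; should be 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)

def hardened_argv(option_file, database, sql):
    """--defaults-extra-file must be the first option; argv carries no secret."""
    return ["mysql", f"--defaults-extra-file={option_file}", database, "-e", sql]

# --- PROMPT_INJECTION: the whitelist as code, fail-closed

READ_ONLY_VERBS = ("SELECT", "SHOW", "DESCRIBE", "DESC", "EXPLAIN")
# Clauses that turn a read statement into a write, a lock or a file operation.
SIDE_EFFECTS = re.compile(
    r"\bINTO\s+(OUTFILE|DUMPFILE|@)|\bFOR\s+(UPDATE|SHARE)\b|\bLOCK\s+IN\s+SHARE\s+MODE\b",
    re.IGNORECASE,
)
COMMENT_TOKENS = ("/*", "--", "#")

def gate_read_only(sql):
    """Return sql unchanged if it is one comment-free, read-only statement, else
    raise ValueError. Comments are rejected rather than stripped because MySQL
    executes /*! ... */ version comments; EXPLAIN ANALYZE is rejected because it
    runs the statement it explains; any ';' (even inside a literal) fails closed."""
    body = sql.strip().rstrip(";").strip()
    if not body:
        raise ValueError("empty statement")
    if any(tok in body for tok in COMMENT_TOKENS):
        raise ValueError("comments are not allowed")
    if ";" in body:
        raise ValueError("multiple statements are not allowed")
    match = re.match(r"[A-Za-z]+", body)
    verb = match.group(0).upper() if match else ""
    if verb not in READ_ONLY_VERBS:
        raise ValueError(f"statement verb {verb!r} is not whitelisted")
    if verb == "EXPLAIN" and re.match(r"EXPLAIN\s+ANALYZE\b", body, re.IGNORECASE):
        raise ValueError("EXPLAIN ANALYZE executes the statement")
    if SIDE_EFFECTS.search(body):
        raise ValueError("read statement with write, lock or file side effects")
    return sql

def is_read_only(sql):
    try:
        gate_read_only(sql)
        return True
    except ValueError:
        return False

def build_invocation(host, user, password, database, sql, directory=None):
    """Gate the statement first, then build an argv that carries no secret."""
    checked = gate_read_only(sql)
    option_file = write_option_file(host, user, password, directory)
    return hardened_argv(option_file, database, checked)
```

The gate is a fail-closed filter, not a SQL parser: a SELECT whose string literal contains ';' or '#' is rejected, which is the right trade-off for a debugging skill. The whitelist still does nothing about reads of tables the credentials can reach (the DATA_EXFILTRATION finding above), so the account named in the option file should hold only SELECT on the tables the skill actually needs, and the option file should be deleted once the query has run.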
Recommendations
- AI detected serious security threats