ali-weekly-report

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The Step 0 bash script in SKILL.md builds a DuckDB SQL query by string interpolation: sales_name = '${SALES_NAME}'. Because the value is spliced into the SQL text rather than bound as a parameter, a salesperson's name containing a single quote or SQL syntax changes the query, potentially exposing the billing data of other personnel.
  • [DATA_EXFILTRATION]: The skill is designed to read sensitive financial data: a local DuckDB configuration file (~/.duckdbrc) and a remote billing database (sales_bills_db). This matches the skill's stated purpose, but the absence of any sanitization of the input parameters used to query that data increases the risk of unintended data exposure.
  • [COMMAND_EXECUTION]: The skill uses a 'write-and-execute' pattern: it generates shell and Python scripts (step0_fetch_${SALES_NAME}.sh, func1_quarterly.py, etc.) at runtime and executes them. These scripts place variables such as SALES_NAME into file paths and command arguments without validation or escaping, which can lead to command injection or local file manipulation if the input is attacker-controlled.
  • [COMMAND_EXECUTION]: The Python scripts (func1_quarterly.py, func2_weekly.py, func3_monthly.py) take their parameters from sys.argv and perform file system operations such as Image.save() and open(). Their safety depends entirely on the integrity of the arguments passed in by the master bash script.
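The two interpolation findings above (SALES_NAME spliced into the SQL text, and SALES_NAME placed into generated file names) as an added, runnable example. This is not code from the audited skill or from the auditor; it uses Python's stdlib sqlite3 as a stand-in for DuckDB so it runs offline (DuckDB's Python API accepts the same `?` placeholders through `con.execute(sql, params)`), and the `sales_bills` table, its rows, the injection payload, the allow-list regex and the `step0_script_path` helper are all constructed for illustration, not the real sales_bills_db schema or the skill's own code.

```python
"""Added example: SQL injection via interpolated SALES_NAME, and the fix.

sqlite3 stands in for DuckDB; table and rows are constructed sample data.
"""
import re
import sqlite3
from pathlib import PurePosixPath

# Constructed sample data standing in for the remote billing database.
SAMPLE_ROWS = [
    ("alice", "2026-Q2", 1200.0),
    ("bob", "2026-Q2", 980.0),
    ("carol", "2026-Q2", 1510.0),
]


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE sales_bills (sales_name TEXT, period TEXT, amount REAL)")
    con.executemany("INSERT INTO sales_bills VALUES (?, ?, ?)", SAMPLE_ROWS)
    return con


def fetch_bills_vulnerable(con: sqlite3.Connection, sales_name: str) -> list:
    # Mirrors the audited pattern: sales_name = '${SALES_NAME}' assembled as text.
    sql = f"SELECT sales_name, period, amount FROM sales_bills WHERE sales_name = '{sales_name}'"
    return con.execute(sql).fetchall()


def fetch_bills_safe(con: sqlite3.Connection, sales_name: str) -> list:
    # Parameter binding: the driver sends the value separately, never as SQL text.
    sql = "SELECT sales_name, period, amount FROM sales_bills WHERE sales_name = ?"
    return con.execute(sql, (sales_name,)).fetchall()


# Allow-list for any value that ends up in a file name or shell argument
# (assumed format; widen it to match the real name format before use).
SALES_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def validate_sales_name(sales_name: str) -> str:
    if not SALES_NAME_RE.fullmatch(sales_name):
        raise ValueError(f"rejected SALES_NAME: {sales_name!r}")
    return sales_name


def step0_script_path(sales_name: str, workdir: str = "/tmp/ali-weekly-report") -> str:
    # Hypothetical helper: derives step0_fetch_${SALES_NAME}.sh from a validated
    # name only, with a defense-in-depth check that the path stays inside workdir.
    name = validate_sales_name(sales_name)
    path = PurePosixPath(workdir) / f"step0_fetch_{name}.sh"
    if path.parent != PurePosixPath(workdir):
        raise ValueError("generated path escaped workdir")
    return str(path)


def demo() -> dict:
    con = make_db()
    payload = "alice' OR '1'='1"  # constructed injection input
    return {
        # interpolated query becomes ... WHERE sales_name = 'alice' OR '1'='1'
        "vulnerable_rows": len(fetch_bills_vulnerable(con, payload)),
        # bound parameter is compared literally; no salesperson has that name
        "safe_rows": len(fetch_bills_safe(con, payload)),
        "honest_rows": len(fetch_bills_safe(con, "alice")),
    }


if __name__ == "__main__":
    print(demo())
    print(step0_script_path("bob"))
```

Two caveats for anyone applying this to the skill: the allow-list shown rejects spaces and non-ASCII characters, so it must be widened (or, better, the user-facing name mapped to an internal identifier) before it is used for real salesperson names; and parameter binding fixes only the query, so the generated script names and the sys.argv values handed to the func*.py scripts still need the separate allow-list check.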
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 18, 2026, 05:43 AM
Security Audit — agent-trust-hub — ali-weekly-report