The Agent Skills Directory

[SAFE]: No malicious patterns, vulnerabilities, or unauthorized behaviors were detected. The skill is highly structured and focuses on read-only discovery of database metadata.
[PROMPT_INJECTION]: The skill processes table and column names, as well as comments from the ClickHouse database, which constitutes an indirect prompt injection surface. However, the skill implements mitigations by instructing the agent to wrap identifiers in backticks and use normalized query text, significantly reducing the risk of accidental instruction execution from database content.
[COMMAND_EXECUTION]: The skill utilizes local Python helper scripts (pareto_cut.py and synthesize_conventions.py) provided in the skill source to process data. These scripts were audited and found to contain only standard library imports and safe logic for data filtering and formatting.
[DATA_EXFILTRATION]: The skill is designed to profile database structures and query logs. It includes explicit rules for 'PII discipline' to normalize queries and strip comments, ensuring that sensitive data like emails or user IDs are replaced with placeholders before being saved into the generated artifact.

clickhouse-profiler