perfetto-sql

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the trace_processor Python wrapper from https://get.perfetto.dev/trace_processor. This domain belongs to the official Perfetto project maintained by Google, a trusted organization.
  • [REMOTE_CODE_EXECUTION]: The execution protocol involves downloading a script and executing it locally using ./trace_processor. While this matches remote code execution patterns, the source is a trusted well-known service, and the behavior is essential for the skill's primary function.
  • [COMMAND_EXECUTION]: The skill uses the trace_processor CLI tool to execute SQL queries. It also includes instructions to modify file permissions using chmod +x during tool setup.
  • [PROMPT_INJECTION]: The skill's 'Precedence Rule' in Step 1 instructs the agent to prioritize user-provided SQL queries without modification, bypassing the dissect and research phase. This creates a surface for indirect prompt injection if malicious instructions are embedded in the user's data intents.
      • Ingestion points: User-provided queries in the initial request (SKILL.md Step 1.2).
      • Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are mandated for user SQL input.
      • Capability inventory: Shell execution of the trace_processor tool (SKILL.md Step 2.36).
      • Sanitization: The skill mitigates risk through a mandatory validation loop (Step 2) that checks syntax, schema existence, and adherence to specific SQL constraints before execution.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 03:07 AM