The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill directs users to download binary installers from an unverified personal GitHub repository (github.com/t8y2/dbx/releases).- [REMOTE_CODE_EXECUTION]: Building the tool from source involves cloning an external repository and executing scripts (pnpm install, pnpm tauri build), which allows for arbitrary code execution from an unverified source.- [COMMAND_EXECUTION]: The documentation includes a command (xattr -cr /Applications/dbx.app) to strip extended attributes from the application, which is used to bypass macOS security checks (Gatekeeper) for unsigned binaries.- [CREDENTIALS_UNSAFE]: The application is designed to collect and store database credentials, SSH private keys, and AI service keys (OPENAI_API_KEY, ANTHROPIC_API_KEY), which are then handled by the unverified external code.- [PROMPT_INJECTION]: The skill integrates with AI assistants and processes database schemas and query results, providing a surface for indirect prompt injection without explicit boundary markers or sanitization logic.

dbx-database-client