skill-system-dashboard

Warn

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/generate.py explicitly searches for and reads .env and .env.local files to extract the DATABASE_URL. Accessing environment files is a sensitive operation that poses a risk of credential exposure, especially if error messages containing the connection string are captured in the output.
  • [COMMAND_EXECUTION]: The script scripts/generate.py uses subprocess.run to execute a local Python script (graph_cli.py). The path to this script is constructed using the user-provided --target argument, which could potentially be manipulated to target unintended files.
  • [REMOTE_CODE_EXECUTION]: The script scripts/generate.py performs dynamic SQL execution using f-strings (e.g., f"SELECT count(*) FROM {tbl}"). While the table names are retrieved from the database's own metadata, this pattern of query construction is a security anti-pattern.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from various sources without sanitization.
    • Ingestion points: scripts/generate.py reads data from .tkt/ (YAML), skills/ (YAML), .memory/ (JSON), and a PostgreSQL database.
    • Boundary markers: The script does not implement any boundary markers or instructions to delimit ingested content from agent instructions.
    • Capability inventory: The skill utilizes file system read/write (fs.read, fs.write), process execution (proc.exec), and database access (db.read).
    • Sanitization: No significant sanitization or escaping is performed on content such as ticket titles, memory previews, or skill descriptions before they are embedded into the HTML dashboard output.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 11, 2026, 12:54 AM