skills/awslabs/mcp/aurora dsql/Gen Agent Trust Hub

aurora dsql

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the processing of data from database queries, creating a surface for potential indirect prompt injection attacks.
      • Ingestion points: Data retrieved via the readonly_query and get_schema MCP tools is ingested into the agent's context.
      • Boundary markers: The instructions do not provide explicit delimiters or boundary markers to isolate untrusted database output from the agent's system instructions.
      • Capability inventory: The skill provides the transact tool for executing SQL and a suite of bash scripts, including delete-cluster.sh, for AWS infrastructure management.
      • Sanitization: The skill acknowledges the risk of SQL injection due to the absence of parameterized query support and mandates the use of allowlists, regex validation, and quote escaping for all inputs (e.g., tenant_id).
  • [COMMAND_EXECUTION]: The skill provides bash scripts in the scripts/ directory for cluster management tasks such as create-cluster.sh, delete-cluster.sh, list-clusters.sh, and cluster-info.sh. It also includes psql-connect.sh for establishing database connections using automated IAM token generation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 09:11 PM