dsql
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several bash scripts in the scripts/ directory for cluster management (creation, deletion, info) and database connectivity. These scripts interact with the AWS service using the official AWS CLI and psql.
- [EXTERNAL_DOWNLOADS]: The scripts/loader.sh script automates the installation of the Aurora DSQL Loader. It fetches release metadata and binary assets from the aws-samples/aurora-dsql-loader repository on GitHub. The script implements security checks, including domain validation (GitHub) and binary integrity verification (checking file size and magic numbers).
- [REMOTE_CODE_EXECUTION]: The skill configures an MCP server using uvx to execute awslabs.aurora-dsql-mcp-server@latest. This is a standard method for running MCP servers from the trusted awslabs organization.
- [PROMPT_INJECTION]: The skill contains no evidence of malicious prompt injection. On the contrary, it provides explicit instructions and a dedicated utility library (safe_query.py) to ensure that all SQL queries generated by the agent are properly sanitized and validated against an allowlist of patterns and identifiers.
- [DATA_EXFILTRATION]: No exfiltration patterns were detected. The skill's network operations are restricted to AWS API endpoints and official GitHub repositories for the purpose of cluster management and tool updates.
- [CREDENTIALS_UNSAFE]: The skill correctly handles credentials by relying on the user's local AWS CLI configuration and generating short-lived IAM authentication tokens for database connections, following security best practices.