data-pipelines
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The utility script 'scripts/new_pipeline.py' uses the user-provided 'name' argument to create project directories using 'Path(name).mkdir(parents=True)'. The absence of input sanitization creates a path traversal vulnerability, allowing for the creation of directories outside the intended workspace if a relative or absolute path is provided as the name.
- [REMOTE_CODE_EXECUTION]: The scaffolding logic in 'scripts/new_pipeline.py' generates Python and SQL source files by substituting the project name into string templates with minimal escaping. This enables a code injection attack where a crafted name (e.g., using parentheses and newlines) can insert arbitrary executable logic into the generated 'pipeline.py' or 'load.py' files, which may later be executed by the user or the agent.
- [PROMPT_INJECTION]: The skill features a 'Pipeline Review' mode that processes untrusted code provided by the user, creating a surface for indirect prompt injection.
  - Ingestion points: User-provided code snippets and scripts processed during review sessions.
  - Boundary markers: Absent; there are no instructions to use delimiters or to treat reviewed content as non-instructional data.
  - Capability inventory: File system modification and script generation through 'scripts/new_pipeline.py'.
  - Sanitization: Absent; the agent is instructed to directly analyze provided code against its reference catalog without pre-processing.
- [SAFE]: The practice catalogs in 'references/api_reference.md' correctly identify and advocate for the use of secrets management services (e.g., AWS Secrets Manager, HashiCorp Vault) and environment variables for managing sensitive database and API credentials, aligning with established security standards.
Audit Metadata