cockroachdb-sql

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md (Initial Response section) direct the agent to invoke the cockroach sql CLI with a connection string taken directly from the user prompt: cockroach sql --url "" -e "SQL". If the agent assembles that line as a shell command string, a user-supplied URL that contains a command substitution (backticks or $(...)), or that closes the double quote and appends ; or | or &&, executes arbitrary commands on the agent host. Bare semicolons and pipes are literal inside the double quotes, so the breakout needs a substitution or a quote terminator; either is trivial for an attacker to supply.
  • [REMOTE_CODE_EXECUTION]: Because the connection string (and the SQL text passed to -e) is interpolated into the shell command without validation, an attacker who controls the prompt, or any content the agent reads while following the skill, can run system-level scripts instead of, or in addition to, the intended database utility.
  • [DATA_EXFILTRATION]: The skill instructions have the agent read environment variables such as COCKROACH_URL with echo. An agent manipulated via prompt injection can be steered to print those values, which typically embed database credentials, into its output or into a tool call that sends them elsewhere.
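The following is an added example, not code from the audited skill or from Gen Agent Trust Hub. It assumes an agent runtime that hands the assembled cockroach sql line to /bin/sh (the failure mode the finding above describes), and contrasts that with the way such a CLI should be launched: an argv list with no shell, plus an allowlist check on the URL before it reaches any process. PAYLOAD_URL and BENIGN_URL are constructed inputs; validate_connection_url and build_safe_argv are illustrative names, not part of cockroach or of the skill. The real cockroach binary is never run: a printf shim prints the argv the CLI would have received, so the example runs offline.

```python
"""Command injection through a user-supplied connection string, and its fix.

Added example (not the skill's own code or Gen Agent Trust Hub's tooling).
The real cockroach binary is never executed; a shell-function / printf shim
prints the argv the CLI would have received, so the example runs offline.
"""
import string
import subprocess
from urllib.parse import urlsplit

# Constructed attacker input: a syntactically plausible CockroachDB URL whose
# query string carries a command substitution. Inside double quotes, $(...)
# still expands; a bare ';' or '|' would not.
PAYLOAD_URL = "postgresql://root@127.0.0.1:26257/defaultdb?opt=$(echo INJECTED)"
# Constructed benign input for the hardened path.
BENIGN_URL = "postgresql://root@127.0.0.1:26257/defaultdb?sslmode=disable"


def build_vulnerable_command(url: str, sql: str) -> str:
    """The pattern SKILL.md prescribes, as an agent would assemble it."""
    return f'cockroach sql --url "{url}" -e "{sql}"'


def run_vulnerable(url: str, sql: str) -> list[str]:
    """Hand the assembled string to sh; cockroach is shimmed to print its argv.

    The returned list shows the URL *after* the shell expanded $(...): the
    injected command ran before cockroach ever saw its arguments."""
    shim = 'cockroach() { printf "%s\\n" "$@"; }\n'
    proc = subprocess.run(["sh", "-c", shim + build_vulnerable_command(url, sql)],
                          capture_output=True, text=True, check=True)
    return proc.stdout.splitlines()


def run_argv(argv: list[str]) -> list[str]:
    """Execute without a shell: each element is one argument, never re-parsed.

    argv[0] ('cockroach') becomes $0 of a printf shim so nothing real runs;
    the payload comes back byte-for-byte, $(...) included, unexpanded."""
    shim = ["sh", "-c", 'printf "%s\\n" "$@"', argv[0]] + argv[1:]
    proc = subprocess.run(shim, capture_output=True, text=True, check=True)
    return proc.stdout.splitlines()


# Conservative character set for a libpq-style URL: no quotes, backticks,
# '$', parentheses or whitespace. Passwords with other characters must be
# percent-encoded, which the URL grammar already requires.
_URL_ALLOWED = set(string.ascii_letters + string.digits + "-._~:/?@[]&=%+,")


def validate_connection_url(url: str) -> str:
    """Allowlist check to run before the URL is passed to any tool.

    Hypothetical helper for this example. Rejects disallowed characters,
    non-postgres schemes and URLs without a host; returns the URL unchanged
    otherwise so it can be used inline."""
    if not url or any(c not in _URL_ALLOWED for c in url):
        raise ValueError("connection URL contains disallowed characters")
    parts = urlsplit(url)
    if parts.scheme not in ("postgresql", "postgres"):
        raise ValueError("unexpected URL scheme: %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("connection URL has no host")
    return url


def build_safe_argv(url: str, sql: str) -> list[str]:
    """Hardened form: validated URL, argv list, SQL passed as one argument."""
    return ["cockroach", "sql", "--url", validate_connection_url(url), "-e", sql]


if __name__ == "__main__":
    print("vulnerable :", run_vulnerable(PAYLOAD_URL, "SELECT 1"))
    print("argv only  :", run_argv(["cockroach", "sql", "--url", PAYLOAD_URL, "-e", "SELECT 1"]))
    try:
        build_safe_argv(PAYLOAD_URL, "SELECT 1")
    except ValueError as exc:
        print("validator  :", exc)
    print("hardened   :", build_safe_argv(BENIGN_URL, "SELECT 1"))
```

Two layers are used deliberately: passing an argv list removes the shell from the path, so no quoting trick in the URL can reach a command interpreter, and the allowlist rejects the payload outright, which also protects any later step (logging, a second tool, a string-based wrapper) that might still treat the URL as text. The same argument applies to the SQL passed with -e: it belongs in its own argv element, not in a double-quoted string.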
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 29, 2026, 07:13 AM