engineering-gameplay-analytics
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUM
Category: COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Potential SQL injection vulnerability in analytics dashboard templates. The file 'templates/retention-dashboard.md' contains several Drizzle ORM query templates (such as 'retentionByDay' and 'dauMau') that use 'sql.raw' to interpolate variables directly into SQL INTERVAL strings. Because 'sql.raw' bypasses the standard parameterization and escaping mechanisms of the ORM, these templates are unsafe if the variables originate from untrusted sources like API query parameters or user-provided input. Developers adopting these templates should replace 'sql.raw' with safe parameterized inputs or implement strict numeric validation to prevent malicious SQL command injection.
Audit Metadata