alloydb-postgres-data

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts download and run the @toolbox-sdk/server@1.1.0 package using npx during execution. The package source is attributed to Google LLC.
  • [COMMAND_EXECUTION]: All scripts use child_process.spawn with shell: true when running on Windows. This configuration, combined with the inclusion of user-provided arguments in the command line, creates a potential injection point where shell metacharacters could be used to execute unintended commands despite basic quote escaping.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the database.
      • Ingestion points: Database records fetched via scripts like execute_sql.js and list_views.js are directly incorporated into the agent's context.
      • Boundary markers: Output from database queries is not enclosed in delimiters or accompanied by instructions to treat the content as data only.
      • Capability inventory: The skill provides significant power to execute SQL and run system commands via its Node.js wrappers.
      • Sanitization: No sanitization is performed on the results retrieved from the database before they are passed to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 10:16 PM