skills/getsentry/abacus/db-migrate/Gen Agent Trust Hub

db-migrate

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to execute echo $POSTGRES_URL to verify the environment. This action potentially exposes sensitive database credentials (username, password, host) to the session output and terminal logs.
  • [COMMAND_EXECUTION]: The skill makes use of the Bash tool to run developer commands such as pnpm drizzle-kit generate and pnpm build. While these are expected for the skill's stated purpose, they involve arbitrary shell command execution.
  • [DATA_EXFILTRATION]: The skill reads from local filesystem paths such as src/lib/schema.ts and drizzle/*.sql. Accessing these files is a prerequisite for exfiltrating sensitive project information, although no active network send was detected.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests data from untrusted or project-provided files.
      • Ingestion points: Reads project files src/lib/schema.ts and drizzle/*.sql.
      • Boundary markers: None detected in the instructions.
      • Capability inventory: Uses powerful tools including Bash, Write, and Edit which can modify the environment or system state.
      • Sanitization: No explicit sanitization or validation of the content of the read files is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 05:57 AM