migrate-to-motherduck

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The validation SQL templates and Python artifacts (found in references/MIGRATION_VALIDATION.md and artifacts/migration_validation_example.py) build queries by interpolating variables such as source_table, target_table, and column directly into query strings. This pattern is vulnerable to SQL injection (reported here as indirect prompt injection) if those identifiers come from an untrusted user or source.
    * Ingestion points: Table names and column names in the validation suite.
    * Boundary markers: Not used in the SQL generation logic.
    * Capability inventory: Database execution through duckdb.DuckDBPyConnection.execute() and .sql().
    * Sanitization: No escaping or validation is performed on the identifiers before interpolation.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the uv package manager to fetch the duckdb library from standard public registries as part of its automated validation workflow.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 13, 2026, 12:43 PM