implementing-pam-for-database-access

Fail

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/agent.py passes administrative database passwords as command-line arguments using the -p flag for MySQL and the -P flag for SQL Server. This practice is insecure as command-line arguments are visible in plain text to other users and monitoring tools through the system's process list.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute external binaries including psql, mysql, sqlcmd, and openssl. While it uses list-based arguments to prevent shell injection, the execution of these commands with administrative privileges constitutes a sensitive capability.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting and processing untrusted data from database environments.
      • Ingestion points: Database user lists, permission metadata, and configuration settings are retrieved via CLI tools in scripts/agent.py.
      • Boundary markers: No delimiters or instructions are used to distinguish retrieved database data from the agent's own instructions in the audit report.
      • Capability inventory: The skill has the capability to execute shell commands via subprocess.run and write output files to the local system.
      • Sanitization: The skill performs no validation, escaping, or sanitization of the data retrieved from the database before including it in the final audit report output.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 10, 2026, 06:26 PM