database-backup
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to generate and execute shell scripts containing powerful system commands. Examples include database dump/restore utilities (pg_dump, mongodump, mongorestore), directory manipulation (mkdir -p), and file deletion (rm -rf, find ... -delete).
- [DATA_EXFILTRATION]: The skill manages sensitive database connection strings and URIs that typically contain authentication credentials. It also supports moving backup data to external cloud storage providers (AWS S3, GCS, Azure Blob Storage).
- [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection. It accepts unvalidated user input (database names, connection URIs) and interpolates them into executable shell scripts.
  1. Ingestion points: Database connection details, names, and requirements provided in user requests (SKILL.md).
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt templates.
  3. Capability inventory: Generates shell scripts, executes system commands, deletes files, and modifies system scheduling (cron).
  4. Sanitization: There is no evidence of input validation or escaping mechanisms to prevent command injection during script generation.
- [CREDENTIALS_UNSAFE]: The documentation includes example scripts with hardcoded placeholder credentials (e.g., mongodb://backup_user:secret@...). While intended as examples, these demonstrate poor security practices regarding credential management.
Audit Metadata