database-admin

The skill bundle contains hardcoded database credentials (IP 192.168.1.136, user 'postgres', password 'Hxkj510510') and scripts specifically targeting sensitive HR, payroll, and attendance data (query_kaoqin_forms.js). Additionally, almost all utility scripts, including create_table.js, query_helper.js, and schema_migrate.js, contain critical SQL injection vulnerabilities due to direct string concatenation of parameters into SQL queries. While these functions are consistent with the stated 'Database Admin' purpose, the combination of exposed credentials and lack of input sanitization poses a high risk of unauthorized data access or manipulation.