Museum Data Manager
Pass
Audited by VirusTotal on May 15, 2026.
Findings (1)
The skill contains significant SQL injection vulnerabilities in museum.py, where user-provided command-line arguments are directly interpolated into SQL strings (e.g., in the list_museums, get_museum, and check_data functions). Additionally, it provides a 'query' command that allows for arbitrary SQL execution. While these capabilities are documented and align with the stated purpose of museum database management, the lack of input sanitization and the broad database access pose a high risk of exploitation, though no evidence of intentional malice or data exfiltration was observed.
