TEXT2SQL

This skill implements a Text→SQL flow but has a few red flags you should consider before installing or running it: - External network: By default the skill sends your topic YAML and question to https://asksql.ucap.com.cn (a third-party service) to generate SQL. Any schema/metadata you include (and potentially some derived info) will be transmitted off your machine. If your schema, table names, or examples are sensitive, do not upload them to an unfamiliar remote endpoint. Consider changing the --api-url to a trusted internal service or running the service locally if possible. - Credentials storage: config_db.py writes DB credentials to a local JSON file in cleartext (./output/text-to-sql-config.json). Treat that file as sensitive. Do not use production credentials; prefer a read-only user and rotate credentials after testing. Consider encrypting or avoiding persistent storage of passwords. - Implementation inconsistencies: The scripts and SKILL.md disagree on the API path and on how db passwords are supplied (separate --db-password vs credentials embedded in db_url). The Excel configuration description is inconsistent with script behavior. Expect you'll need to review and possibly patch scripts before use. - Data sampling: read_tables.py attempts to sample rows (ORDER BY RAND()) which can be heavy on large tables and may expose row-level data. Use sample-free options or run against a sanitized copy of the DB. Given these, do not run against production systems or supply high-privilege credentials until you verify the endpoint, review the code, and test in an isolated environment.