postgres-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill configures the Supabase MCP server using `npx -y @supabase/mcp-server` and imports Deno modules for Edge Functions. Per [TRUST-SCOPE-RULE], these are downgraded to LOW because they originate from the official Supabase organization.
- Dynamic Execution (SAFE): The skill provides SQL code for `security definer` functions. The examples include the best practice of setting `search_path = ''` to prevent search path hijacking.
- Indirect Prompt Injection (LOW): The skill facilitates an attack surface where an agent interacts with external database data.
  - Ingestion points: Database schema information and query results enter the agent context via the MCP server.
  - Boundary markers: None (absent). The patterns provide SQL logic but no natural language delimiters for the agent's prompt context.
  - Capability inventory: The MCP server allows `npx` execution, SQL mutations, and schema changes (SKILL-SUPABASE.md).
  - Sanitization: (Absent). The skill relies on Row Level Security (RLS) configuration rather than input sanitization of the data processed by the agent.