The Agent Skills Directory

[COMMAND_EXECUTION]: The skill facilitates database and function management through the supabase CLI. Scripts like safe_sql_runner.ts and migration_apply.ts execute SQL and system commands. These are implemented using safe APIs (Bun's shell and Python's list-based subprocess execution) that prevent shell injection vulnerabilities.
[CREDENTIALS_UNSAFE]: The skill provides mechanisms for managing project secrets and environment variables. secret_sync.py includes a safety filter that explicitly prevents the synchronization of sensitive administrative keys, such as SUPABASE_SERVICE_ROLE_KEY and POSTGRES_PASSWORD, to remote Edge Functions, minimizing the risk of credential exposure.
[EXTERNAL_DOWNLOADS]: The validate_env.py script includes a connectivity test that makes an HTTP request to the user's own Supabase project URL. This is a standard verification step for cloud-integrated tooling and targets a well-known service infrastructure.
[PROMPT_INJECTION]: The skill accepts SQL queries as input, which is an inherent part of its database management functionality. It mitigates risks by implementing SQL classification logic in safe_sql_runner.ts to identify potentially destructive patterns. Evidence: Ingestion points include command-line arguments and migration files (e.g., safe_sql_runner.ts, migration_apply.ts); boundary markers include warning prompts and mandatory confirmation flags for remote operations; capabilities include full database execution via the supabase CLI; sanitization is performed via keyword-based risk classification.

supabase-cli