read-only-postgres
Audited by Socket on Mar 9, 2026
1 alert found:
Obfuscated File

The skill presents a coherent, intentionally narrow tool for safe read-only PostgreSQL exploration. Its footprint—reading a local credentials file, establishing read-only DB connections, and returning query results—matches the stated purpose. The main security considerations are plaintext storage of credentials (mitigated by file permissions, but not by any secret-management integration) and potential exposure of sensitive data through query output if access is not properly controlled. Overall, the risk is low-to-moderate (benign, with notable caution around credential handling), and there is no evidence of exfiltration, autonomous actions, or supply-chain issues. Recommend acceptance with explicit guidance to integrate secret management, enforce strict access controls, and consider masking or redacting sensitive columns by default when displaying results.