The Agent Skills Directory

[PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill facilitates processing of untrusted data from database tables (e.g., profiles, projects) via TypeScript scripts and SQL triggers. This creates a vector where malicious data stored in the database could influence agent behavior during migration or backfill operations.
Ingestion points: Data enter the context through the backfillColumn function in SKILL.md and references/implementation-plan.md, as well as Postgres triggers processing metadata from auth.users.
Boundary markers: Absent. The skill does not provide delimiters or instructions to help the agent distinguish untrusted data from its primary instructions.
Capability inventory: The skill utilizes Bash (for supabase and psql tools), Write, and Edit capabilities, which are used to manage and modify database state.
Sanitization: There is no explicit sanitization of data retrieved from the database before it is used in logic, aside from basic regex used in slug generation.
[COMMAND_EXECUTION]: Use of shell commands for database operations. The skill relies on Bash tools to execute npx supabase and psql commands for creating migrations, resetting databases, and pushing schema changes to remote environments.

supabase-migration-deep-dive