The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill references official Docker images for PostgreSQL (pgvector/pgvector) and ParadeDB (paradedb/paradedb), which are trusted industry-standard sources.
[EXTERNAL_DOWNLOADS]: The documentation and code integration examples refer to reputable libraries including openai, cohere-ai, and @supabase/supabase-js.
[SAFE]: All PL/pgSQL functions correctly handle dynamic SQL using FORMAT with %I for identifiers and USING for values, preventing SQL injection (e.g., match_documents_dynamic in scripts/semantic_search.sql).
[SAFE]: TypeScript utilities utilize the Drizzle sql tag for parameterization and Supabase RPC for secure database interactions.
[SAFE]: The skill incorporates explicit sanitization logic in helper functions like prefix_tsquery using regexp_replace to sanitize user-provided search terms.
[PROMPT_INJECTION]: Evaluated for Indirect Prompt Injection (Category 8) vulnerability surfaces: (1) Ingestion points: query_text parameter in search scripts (e.g., scripts/hybrid_search_fts.sql). (2) Boundary markers: Input is directly used in search operators. (3) Capability inventory: Limited to database-bound search queries. (4) Sanitization: Employs secure-by-design SQL functions like plainto_tsquery and includes custom regex sanitization logic. The surface is well-contained.

postgres-semantic-search