supabase-postgres-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
NO_CODE
Full Analysis
- Prompt Injection (SAFE): No evidence of instructions designed to override agent behavior, bypass safety filters, or reveal system prompts. The content is purely instructional and focused on database optimization.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths, hardcoded credentials, or exfiltration patterns were found. SQL examples use standard placeholders like 'xxx' or '/path/to/data.csv' for demonstration purposes.
- Obfuscation (SAFE): All content is provided in clear text Markdown and standard SQL. There are no encoded strings, hidden characters, or homoglyphs.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not include any external package manifests (like package.json or requirements.txt) and does not perform any network operations to download or execute remote code.
- Privilege Escalation (SAFE): No commands for unauthorized privilege escalation were detected. The skill specifically includes guidance on the 'Principle of Least Privilege' and recommends against using superuser accounts for application queries.
- Indirect Prompt Injection (LOW): While the skill is designed to help an agent review and optimize SQL (which involves ingesting untrusted user data), the guidance provided is strictly focused on performance and security (e.g., correctly setting the search_path in SECURITY DEFINER functions). This is a safe instructional surface.
- Dynamic Execution (SAFE): The skill does not contain logic to generate or execute code at runtime. It provides static SQL templates for human or agent reference.
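The two Postgres controls the audit credits the skill with (pinning search_path in SECURITY DEFINER functions, and least privilege for the role that runs them) are easiest to judge side by side. The block below is an added example, not SQL from the audited skill or from this audit; the schema app, the table app.orders and the role app_user are assumed names.

```sql
-- Added example (not from the audited skill or this audit).
-- Assumed objects: table app.orders(id bigint, total numeric) and a
-- low-privilege role app_user. Both names are hypothetical.

-- Weak: search_path is inherited from the caller at call time. A caller whose
-- search_path begins with a schema they can write to can create their own
-- "orders" relation there, and the unqualified name below resolves to it
-- while running with the function owner's privileges.
create or replace function order_total(order_id bigint)
returns numeric
language sql
security definer
as $$
  select total from orders where id = order_id;
$$;

-- Hardened: pin search_path to '' for the duration of the call and
-- schema-qualify every relation the body touches. With an empty path only
-- pg_catalog is consulted implicitly (plus the session temp schema, but only
-- for relation names, which is why app.orders is qualified), so no
-- caller-writable schema can shadow anything the body references.
create or replace function app.order_total(order_id bigint)
returns numeric
language sql
security definer
set search_path = ''
as $$
  select o.total from app.orders as o where o.id = order_id;
$$;

-- Least privilege: functions are executable by PUBLIC by default, so revoke
-- that and grant execute only to the application role. The function itself
-- should be owned by a non-superuser role that holds just the privileges the
-- body needs, never by the postgres superuser.
revoke execute on function app.order_total(bigint) from public;
grant execute on function app.order_total(bigint) to app_user;
```

The check to apply when reviewing such a skill's templates is mechanical: every SECURITY DEFINER function carries a `set search_path` clause, every relation name in its body is schema-qualified, and the default PUBLIC execute grant has been revoked.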
Audit Metadata