supabase-postgres-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- General Security (SAFE): The skill consists entirely of documentation and SQL examples. No executable scripts, shell commands, or unauthorized network operations are present.
- Credential Safety (SAFE): SQL examples use standard placeholders for sensitive data (e.g., password 'xxx') and promote the use of Row-Level Security (RLS) and the principle of least privilege.
- External Dependencies (SAFE): The README.md mentions npm install for building documentation artifacts. Although specific packages are not listed, this is a standard build pattern for documentation repositories and originates from a trusted source (Supabase).
- Indirect Prompt Injection (LOW): As a diagnostic and review skill, it possesses an inherent surface for indirect prompt injection via untrusted user SQL. Ingestion points: SQL queries, schemas, and EXPLAIN outputs provided by users for optimization (referenced in SKILL.md). Boundary markers: None explicitly defined within the rules to separate instructions from user-provided SQL. Capability inventory: The agent's ability to execute suggested SQL or modify database configurations. Sanitization: None provided in the skill; it relies on the agent's internal safety filters.
Audit Metadata