The Agent Skills Directory

[COMMAND_EXECUTION] (MEDIUM): SQL Injection vulnerability in helper script. In scripts/setup_vault_secrets.sh, the function upsert_secret constructs SQL queries by directly interpolating shell variables into strings: run_sql "UPDATE vault.secrets SET secret = '${secret_value}' WHERE name = '${secret_name}';". If a secret value (like a service key or URL) contains single quotes or malicious SQL fragments, it could lead to arbitrary SQL execution within the database context.
[DATA_EXFILTRATION] (MEDIUM): Potential for service role key exfiltration via dynamic URL. The function _internal_call_edge_function in assets/setup.sql retrieves both the SUPABASE_URL and SB_SECRET_KEY from the Vault and uses pg_net to send the secret key in the headers of an HTTP POST request to that URL. If an attacker can manipulate the SUPABASE_URL stored in the Vault, the system will automatically exfiltrate the high-privilege service role key to the attacker-controlled endpoint.
[CREDENTIALS_UNSAFE] (LOW): Risk of credential exposure in version control. The workflow in assets/seed.sql and references/workflows.md encourages developers to append their local service role keys to the project's supabase/seed.sql file. While intended for local development persistence, this practice increases the risk that these sensitive credentials will be accidentally committed to a repository.
[PRIVILEGE_ESCALATION] (SAFE): Proper implementation of internal utility functions. The SECURITY DEFINER functions in assets/setup.sql follow security best practices by setting an empty search_path and explicitly revoking access from PUBLIC, anon, and authenticated roles while granting execute permissions only to the service_role.

backend-development