pgvector-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): Multiple bash scripts are vulnerable to SQL/Command Injection due to unsafe variable interpolation.
  - Evidence (scripts/create-indexes.sh): The script executes `psql "$DB_URL" -t -c "SELECT COUNT(*) FROM information_schema.tables WHERE table_name = '$TABLE_NAME';"`. If the `$TABLE_NAME` variable contains malicious SQL (e.g., `docs'; DROP TABLE users; --`), the database will execute the injected command.
  - Evidence (scripts/setup-hybrid-search.sh): Similar patterns exist where `${TABLE_NAME}` is interpolated into complex SQL blocks (e.g., `ALTER TABLE ${TABLE_NAME} ADD COLUMN fts tsvector`).
  - Evidence (scripts/test-vector-search.sh): The validation script also interpolates the table name directly into `psql` calls for row counts and index checks.
- [DATA_EXPOSURE] (LOW): Sensitive database credentials are handled via environment variables and command-line arguments.
  - Evidence: The scripts rely on `SUPABASE_DB_URL` which contains the database password in plain text. This is a common but sub-optimal pattern that can expose credentials in process lists (`ps -aux`) or shell history.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill creates a vulnerability surface by exposing setup scripts to the agent that lack input validation.
  - Evidence: If an agent is directed to use this skill by an untrusted source (e.g., a malicious README in a different repo) and provides a crafted table name, the agent will inadvertently compromise the user's database via the HIGH severity injection mentioned above.
Recommendations
- AI detected serious security threats
Audit Metadata