rls-templates

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The scripts apply-rls-policies.sh, test-rls-policies.sh, and audit-rls.sh interpolate command-line arguments directly into SQL strings and shell commands executed via psql. Specifically, in apply-rls-policies.sh, the use of sed "s/TABLE_NAME/$table/g" to replace placeholders allows a malicious table name to break the sed command or inject SQL if the output is piped to psql. In test-rls-policies.sh, variables like $user_id and $table are used within SQL strings (e.g., SET request.jwt.claim.sub = '$user_id') without sanitization, permitting SQL injection.
  • CREDENTIALS_UNSAFE (MEDIUM): The skill documentation requires highly sensitive credentials to be set as environment variables, including SUPABASE_DB_URL (which contains the database password) and SUPABASE_SERVICE_KEY. While necessary for database administration, the automation scripts do not include protections to prevent these secrets from being logged or exposed in the event of a shell environment compromise.
  • INDIRECT_PROMPT_INJECTION (HIGH): Following the Category 8 assessment framework, this skill possesses a high-risk vulnerability surface.
      1. Ingestion points: Command-line arguments ($table, $user_id, $org_id) in all scripts.
      2. Boundary markers: Absent; user input is directly interpolated.
      3. Capability inventory: The skill uses psql to execute arbitrary SQL and sed for string manipulation, providing a direct path to database modification.
      4. Sanitization: Absent; there is no validation of the format or content of the table names or UUIDs provided.
    The severity is HIGH because the skill processes external content and has explicit write/execute capabilities on the database.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:35 PM