DevOps & Cloud

agent-skills

Platinum
Gemini 3
Certified Safe
61,595 tokens
gemini-3-pro-preview

Scan Warnings:

  • Truncated 1 large file to fit token budget.

Safety Score

90 / 100

Detected Capabilities

shell, filesystem_read, filesystem_write

Sensitive Files

    Clean filesystem scan

Deep Audit Findings

This repository contains a passive 'Knowledge Skill' consisting of PostgreSQL best practice documentation (Markdown) and a TypeScript build system to compile it. There is no active runtime code executed by the agent; the agent merely reads the provided Markdown files. The detected capabilities (shell, filesystem) belong to the build tool used to generate the documentation, not the skill itself. The security advice provided in the references is sound and follows industry standards.

Build System Capabilities (False Positive for Runtime)

Static analysis flagged shell and filesystem access. In a runtime agent tool, this would be high risk, but here it is strictly scoped to the 'npm run build' process used by developers to compile documentation.

LOW
packages/skills-build/src/build.ts
writeFileSync(paths.agentsOutput, output.join("\n"));

Instructional Anti-Patterns (Context Risk)

The skill includes 'Incorrect' SQL examples (e.g., granting superuser privileges) to teach agents what NOT to do. A naive agent or simple scraper might contextually mistake these for recommendations if it ignores the Markdown headers.

LOW
skills/supabase-postgres-best-practices/references/security-privileges.md
**Incorrect (overly broad permissions):**
```sql
-- Application uses superuser connection
grant all privileges on all tables in schema public to app_user;
```

Attack Surface Chain

No specific attack chain identified.