When should I use SECURITY DEFINER instead of SECURITY INVOKER?

Use SECURITY DEFINER only when the function requires higher privileges than the calling user (e.g., allowing a public user to register an account). Always include explicit access control checks inside the function body when using this mode.

Does this skill help with Supabase Edge Functions?

No, this skill focuses exclusively on database-level PostgreSQL functions and stored procedures. For Deno-based serverless functions, you should use a TypeScript or general Edge Functions skill.

How does this skill handle SQL injection in dynamic queries?

It promotes the use of the format() function with %I for identifiers and %L for literals, or strict whitelisting of inputs, to ensure that dynamic SQL cannot be exploited by malicious parameters.

Why does this skill enforce setting search_path to an empty string?

This is a critical security measure to prevent 'search path attacks' where a malicious user creates a fake table or function in a common schema to hijack your function's execution logic.

Supabase PostgreSQL Functions

Name: Supabase PostgreSQL Functions
Author: linehaul-ai

bylinehaul-ai

•

Database Management

Generates secure, production-ready PostgreSQL functions and triggers optimized for Supabase databases.

This skill provides comprehensive guidance for creating high-quality PostgreSQL functions within the Supabase ecosystem. It enforces critical security patterns such as 'SECURITY INVOKER' and 'search_path' isolation to protect against schema hijacking and privilege escalation. Whether you are building automated triggers, complex business logic, or helper functions for Row-Level Security (RLS), this skill ensures your database-side code follows production-grade standards and integrates seamlessly with Supabase client libraries and PostgREST.

Key Features

01Automatically qualifies database object references to avoid schema resolution attacks

02Prevents common SQL injection vulnerabilities through proper quoting and input validation

03Provides clear patterns for error handling and data validation within PL/pgSQL

04Enforces SECURITY INVOKER and search_path isolation for maximum database security

051 GitHub stars

06Generates optimized templates for triggers, stored procedures, and immutable functions

Use Cases

01Building secure trigger functions for automated table operations and data auditing

02Implementing complex backend business logic in the database to optimize performance

03Creating specialized helper functions for hardening Row-Level Security (RLS) policies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add linehaul-ai/linehaulai-claude-marketplace postgres-functions

For use in Claude.ai and ChatGPT

Download Skill