Can a skill stop my agent from dropping a production table?
No, and the incidents prove it. In July 2025 Replit's agent deleted a production database holding records on more than 1,200 executives during an explicit code freeze, and in April 2026 an agent chasing a staging issue used an over-scoped Railway token to erase a production volume and its backups in nine seconds. Both ran on credentials that permitted the destructive call, and no amount of injected context overrides permissions. Skills lower the odds the agent reaches for DROP by giving it safer defaults: Neon branches for experiments, migrations with working down functions, query-safety rules with LIMIT and timeouts. The hard controls still have to exist underneath: least-privilege or read-only credentials, human-gated migrations, and backups the agent cannot reach.
Why did my Supabase UPDATE return zero rows with no error?
Postgres row-level security needs a SELECT policy before an UPDATE can find the rows to change, so a table with only an UPDATE policy silently updates nothing. The supabase skill's security checklist names this trap directly, along with its sibling: an UPDATE policy without a WITH CHECK clause lets a user reassign a row's user_id to someone else. Both fail without errors, which is why they survive code review and reach production.
Supabase or Neon for an agent-driven project?
Decide by how much platform you want. Supabase bundles auth, storage, realtime, and edge functions around Postgres; its Branching 2.0 (July 2025) works from the dashboard or CLI without Git, and the Pro plan starts at $25 a month with branches billed around $0.013 per hour. Neon sells the database alone, and its copy-on-write branches are the best fit for agent experimentation: instant, cheap, and carrying full data. The free tier allows 100 projects with scale-to-zero compute, and paid usage runs about $0.106 per compute-unit hour. Teams that want the whole backend pick Supabase; teams that want disposable full-data branches for every agent session pick Neon.
Do I need both Supabase skills, or is that redundant?
They do different jobs. supabase-postgres-best-practices is a portable Postgres rulebook covering indexes, pooling, locking, and RLS patterns, and it is useful on any Postgres host, including RDS and bare metal. The supabase skill is platform operations: CLI workflows, migration discipline, MCP setup, and the platform-specific security checklist. Supabase projects benefit from both; everyone else takes the rulebook alone.
My agent keeps writing Prisma 6 patterns in a Prisma 7 project. What fixes that?
This is version drift, the same failure the supabase skill fights with its changelog rule. Prisma 7 moved datasource URLs into prisma.config.ts and made driver adapters the standard SQL path, and training data predates both, so agents reproduce v6 configuration from memory. prisma-database-setup counters it with current config per provider and the adapter tables, and the same repo ships prisma-upgrade-v7 for converting existing projects. The one exception is MongoDB, which the skill instructs to keep on Prisma 6.x deliberately.
Is it safe to let an agent optimize queries against production?
Read-side diagnosis is the reasonable case, and the vendor skills encode the guardrails: ClickHouse's rules mandate LIMIT, timeouts, and schema discovery before any query, and MongoDB's optimizer refuses to create indexes without approval and only suggests removals the Performance Advisor endorses. Write-side work is different. Index creation locks tables and migrations change state, so run those through a branch (Neon or Supabase both support this) or a staging copy, verify with EXPLAIN or executionStats, and promote deliberately.