High-risk tools in PostgREST
4 of the 32 tools in PostgREST are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- deploy_edge_function (Execute): Deploys a new Edge Function to a Supabase project. LLMs can use this to deploy new functions or update existing ones.
- execute_sql (Execute): Executes raw SQL in the database. LLMs should use this for regular queries that don't change the schema.
- apply_migration (Execute): Applies a SQL migration to the database. SQL passed to this tool will be tracked within the database, so LLMs should use this for DDL operations (schema changes).
- merge_branch (Execute): Merges migrations and edge functions from a development branch to production.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.