Problem
The PostgreSQL directory adapter uses manual string escaping for SQL queries instead of parameterized queries. This is a potential SQL injection risk.
Additionally:
- Orchestrator interface is declared but not implemented
- AWS account creation is async (must poll) with no helper for polling
Found during
CLAUDE.md audit — packages/directory/src/
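
The manual-escaping pattern described above beside a parameterized equivalent, as an added example that is not taken from the project's code. It assumes the adapter can pass a node-postgres-style `{ text, values }` query object to its client; the table `directory_entries`, the column names and both function names are hypothetical.

```javascript
// Added example: hypothetical table and column names, not the project's schema.
const ALLOWED_COLUMNS = new Set(["email", "display_name", "department"]);

// "Before": manual escaping. Every call site depends on the escaping routine
// being correct for its context, and the column name is interpolated unchecked.
function escapedLookup(filters) {
  const clauses = Object.entries(filters).map(
    ([col, val]) => `${col} = '${String(val).replace(/'/g, "''")}'`
  );
  return `SELECT id FROM directory_entries WHERE ${clauses.join(" AND ")}`;
}

// "After": values travel separately from the SQL text as $n parameters.
// Identifiers cannot be bound as parameters, so they are allowlisted instead.
function parameterizedLookup(filters) {
  const entries = Object.entries(filters);
  if (entries.length === 0) throw new Error("at least one filter is required");
  const values = [];
  const clauses = entries.map(([col, val]) => {
    if (!ALLOWED_COLUMNS.has(col)) throw new Error(`unknown column: ${col}`);
    values.push(val);
    return `${col} = $${values.length}`;
  });
  return {
    text: `SELECT id FROM directory_entries WHERE ${clauses.join(" AND ")}`,
    values,
  };
}

// Constructed sample input: a value containing a quote character.
const sample = { display_name: "O'Brien", department: "R&D" };
console.log(escapedLookup(sample));
console.log(parameterizedLookup(sample));
```

With the parameterized form the SQL text is identical for every input, so reviewing the query no longer requires reviewing the escaping routine.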