supabase-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the agent to connect to an external MCP server at https://rube.app/mcp, which creates a dependency on a remote service that provides the tool definitions and operational logic.
- [COMMAND_EXECUTION]: The tool SUPABASE_BETA_RUN_SQL_QUERY allows for the execution of arbitrary SQL statements. This provides high-level control over the database and could be used to modify or delete data if the agent is misled.
- [CREDENTIALS_UNSAFE]: The skill includes the SUPABASE_GET_PROJECT_API_KEYS tool, which is capable of retrieving highly sensitive service-role and anonymous API keys. Access to these keys poses a significant security risk if they are exposed in the agent's output.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from the database.
  1. Ingestion points: SUPABASE_SELECT_FROM_TABLE and SUPABASE_BETA_RUN_SQL_QUERY.
  2. Boundary markers: Absent; there are no instructions to use delimiters or treat retrieved data as untrusted.
  3. Capability inventory: Access to arbitrary SQL execution and sensitive API key retrieval.
  4. Sanitization: Absent; the skill lacks guidance on validating or escaping database content before processing.