moai-baas-supabase-ext
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests access to the
Bashtool, providing the agent with the capability to execute shell commands. While the provided documentation uses this for legitimate database management tasks, the tool itself represents a high-privilege capability. - [EXTERNAL_DOWNLOADS]: The skill leverages
WebFetchand themcp__context7__get-library-docstool to pull documentation and latest features from external sources. These operations target well-known documentation repositories and official library indices. - [EXTERNAL_DOWNLOADS]: Code examples for Edge Functions include external imports from
deno.landandesm.sh, which are standard, well-known registries for Deno and JavaScript modules. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting external data (via
WebFetchandmcp__context7) and using it to formulate architecture designs and optimization strategies. - Ingestion points: External documentation retrieved via
mcp__context7__get-library-docsand arbitrary URLs viaWebFetch. - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the retrieved documentation.
- Capability inventory: The agent has access to
Bash,Write,Edit, andWebFetch, which could be exploited if malicious instructions were successfully injected through the documentation sources. - Sanitization: No input validation or sanitization logic is present for the data retrieved from external tools.
Audit Metadata