supabase-backend-platform

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes realtime subscriptions and queries that read and display arbitrary user-generated content (e.g., .from('posts').select('*'), .channel(...).on('postgres_changes', ...) and broadcast chat handlers that console.log payloads, plus storage downloads/getPublicUrl), so the agent would ingest untrusted third-party/user-provided content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Edge Function example imports and executes remote modules at runtime from URLs (https://deno.land/std@0.177.0/http/server.ts and https://esm.sh/@supabase/supabase-js@2), which are fetched during function execution and thus constitute required external code execution dependencies.