Supabase Local Development
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructs users to install the `supabase` CLI using `npm install -g supabase` or `brew install`. These are standard installation methods for a well-known developer tool from a reputable provider.
- COMMAND_EXECUTION (LOW): Includes a troubleshooting command `sudo systemctl start docker`. While this uses elevated privileges, it is a standard administrative operation for managing the Docker service on Linux systems and is used here in a legitimate context.
- CREDENTIALS_UNSAFE (SAFE): The skill discusses the management of sensitive environment variables like `SUPABASE_SERVICE_ROLE_KEY`. It correctly uses non-functional placeholders (e.g., `eyJ...`) and includes explicit 'Best Practices' advising the user not to commit credentials to version control.
- INDIRECT_PROMPT_INJECTION (SAFE): This skill is instructional and does not demonstrate an attack surface for ingesting untrusted data or providing output that influences downstream high-privilege components.
Audit Metadata