supabase-automation
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of instructional content without executable scripts, focusing on the safe orchestration of existing Supabase tools.
- [COMMAND_EXECUTION]: The skill defines workflows for executing SQL queries via the SUPABASE_BETA_RUN_SQL_QUERY tool. It incorporates security best practices, such as recommending the read_only: true parameter for data retrieval to prevent unintended mutations.
- [EXTERNAL_DOWNLOADS]: The installation process involves downloading the skill definition from a public GitHub repository. It also references an external MCP server endpoint at rube.app for tool execution, which is a requirement for the skill's functionality.
- [PROMPT_INJECTION]: The skill interacts with external database content, which creates a surface for indirect prompt injection.
  - Ingestion points: Data retrieved through SUPABASE_SELECT_FROM_TABLE and SUPABASE_LIST_TABLES in SKILL.md.
  - Boundary markers: None defined in the prompt instructions.
  - Capability inventory: The agent can execute SQL commands, manage project settings, and retrieve API keys via the toolkit.
  - Sanitization: The instructions advise the agent to perform schema discovery and use read-only modes to limit the impact of processed data.
- [DATA_EXPOSURE_PREVENTION]: Includes explicit instructions for the AI agent to protect sensitive information, specifically advising against logging, displaying, or persisting full API keys retrieved through the toolkit.
Audit Metadata