supabase-expert
Warn
Audited by Snyk on Mar 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's Edge Function imports remote modules at runtime (which will be fetched and executed) from URLs such as https://deno.land/std@0.168.0/http/server.ts and https://esm.sh/@supabase/supabase-js@2 (also https://esm.sh/stripe@14.0.0), making them required runtime dependencies that execute remote code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes an Edge Function ("supabase/functions/process-payment/index.ts") that integrates with Stripe: it imports Stripe, uses STRIPE_SECRET_KEY, calls stripe.paymentIntents.create(...) and stores a payment record in the database. This is a direct Payment Gateway integration and creates payment intents (i.e., moves/initiates money flows). Therefore it grants direct financial execution capability.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata