supabase-reset-test-gen-loop
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several local commands including 'supabase db reset', 'supabase test db', and 'npm run gen-types'. These commands interact with the local database environment and file system.- [DYNAMIC_EXECUTION]: The skill is instructed to 'read the error output, fix the underlying issue, and rerun the same command' in a loop. This creates a pattern where the agent dynamically generates and executes fixes (code or configuration changes) based on runtime feedback without human review.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via tool output.
- Ingestion points: Error output and standard output from the 'supabase' CLI and 'npm' scripts.
- Boundary markers: None. The agent treats the entire command output as data to be acted upon.
- Capability inventory: Execution of 'supabase' and 'npm' commands, and the ability to modify files in the working directory to 'fix' errors.
- Sanitization: No sanitization or validation of the error messages is performed before the agent attempts to interpret and 'fix' the reported issues.
Audit Metadata