supabase-splinter-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow/run script (scripts/run_splinter.sh) unconditionally curl's a default SPLINTER_URL (https://raw.githubusercontent.com/supabase/splinter/refs/heads/main/splinter.sql) and then executes that fetched splinter.sql via psql as part of the mandatory "Run Splinter" step, so untrusted third‑party content is fetched and its outputs directly influence triage and remediation decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's runtime script (scripts/run_splinter.sh) downloads and executes remote SQL from https://raw.githubusercontent.com/supabase/splinter/refs/heads/main/splinter.sql via curl and psql, so externally fetched content is executed on the local database.