error-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill explicitly permits and provides templates for executing powerful commands via
Bashandmcp__plugin_supabase_supabase__execute_sql. Specifically, it suggests usingpg_terminate_backendto kill database processes andGRANTto modify database permissions. - PROMPT_INJECTION (HIGH): High vulnerability to Indirect Prompt Injection. The skill instructs the agent to ingest untrusted data (system logs) to determine 'Immediate Actions' and 'Root Cause Fixes'. An attacker who can influence logs—for instance, by triggering specific errors with crafted input—could inject instructions that the agent might interpret as necessary remediation steps.
- Evidence for Category 8 (Indirect Prompt Injection):
- Ingestion points: System logs accessed via
mcp__plugin_supabase_supabase__get_logs, file reading viaRead, and output processing viaGrep. - Boundary markers: Absent. The skill provides no instructions for the agent to distinguish between legitimate log data and embedded instructions.
- Capability inventory: Full access to
Bashandmcp__plugin_supabase_supabase__execute_sql(SQL write/admin capabilities). - Sanitization: None. There is no requirement for the agent to sanitize or validate data extracted from logs before using it to form shell or SQL commands.
Recommendations
- AI detected serious security threats
Audit Metadata