supabase-edge-functions

Fail

Audited by Snyk on Feb 19, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples and instructions that require embedding service role keys and bearer tokens verbatim into SQL, curl commands, and config updates (e.g., UPDATE ... SET value = 'sb_secret_YOUR_KEY_HERE', Authorization: Bearer YOUR_ANON_KEY), which would force an agent to handle/output secrets directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This content contains high-risk credential-exposure and privilege-abuse patterns, most notably storing the full service_role key in private.config and explicitly GRANTing SELECT (and an exec RPC) to the "authenticated" role, plus verbose logging of headers/Authorization and returning stack traces. Together these create an easy path for credential theft and unauthorized admin actions. No obfuscated code, remote shells, or dynamic eval were found.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's ingest workflow (supabase/functions/ingest-forecast/index.ts and the "Database Trigger Pattern" in references/deployment-patterns.md) explicitly downloads and parses user-uploaded CSV files from Supabase storage (and also describes fetching external forecasts/webhooks), which are untrusted user/third-party inputs that the function reads and uses to drive database updates and follow-up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 19, 2026, 02:18 AM