supabase-edge-functions
Audited by Socket on Feb 19, 2026
1 alert found:
Security [Skill Scanner]: Skill instructions include directives to hide actions from user

All findings:
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

Overall, the fragment is a well-structured and largely safe documentation guide for Supabase Edge Functions. The primary risk lies in insecure example patterns that show service role keys being embedded or logged, which could be misused. To improve, tighten the examples, clearly annotate high-risk patterns, remove or redact sensitive snippets from client-facing contexts, and emphasize secret management and secret-scoped access controls. No malware is present; the content aligns with its instructional intent but needs stronger safeguards to prevent credential leakage in real deployments.

LLM verification: The document is legitimate operational guidance for Supabase Edge Functions but contains high-risk examples around handling and transmission of the full service_role key. The primary security concerns are accidental leakage of long-lived admin credentials via database-stored keys, network-transmitted Authorization headers from pg_net, and console logging of headers. There is no evidence of deliberate malicious code or exfiltration to attacker-controlled infrastructure in the provided text; howev