supabase-expert
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The script `scripts/search-docs.sh` performs shell command execution with unsanitized inputs.
  - Evidence: The script takes CLI arguments `$1` and `$2` and uses them directly as `$SEARCH_TERM` and `$CATEGORY` inside a `grep` command. While double-quoted, the lack of input validation allows for argument injection or behavior manipulation of the `grep` utility.
- DATA_EXFILTRATION (MEDIUM): The documentation search tool is vulnerable to Path Traversal.
  - Evidence: In `scripts/search-docs.sh`, the variable `SEARCH_PATH` is constructed by appending the user-supplied `$CATEGORY` directly to a base path (`$DOCS_DIR/guides/$CATEGORY`). An attacker could provide a category string containing `../` sequences (e.g., `../../../../etc`) to force `grep` to read sensitive system files outside the designated documentation folder.
- DATA_EXFILTRATION (SAFE): The `README.md` file reveals the author's local system path and username.
  - Evidence: The installation and usage sections hardcode the path `/Users/zach/Documents/cc-skills/docs/supabase/`, exposing personal directory structure and a username.
- PROMPT_INJECTION (LOW): The skill possesses a surface for indirect prompt injection by ingesting and outputting external documentation data.
  - Ingestion points: `scripts/search-docs.sh` reads content from various `.txt` files on the local filesystem.
  - Boundary markers: Absent. The script pipes raw file contents to the standard output which is then consumed by the agent without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill can execute shell commands (`grep`) and access the local filesystem.
  - Sanitization: None. The skill does not perform any validation or escaping of the content retrieved from the documentation files before presenting it to the agent.
Audit Metadata