result-supabase-reporter
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script executes external commands including sqlite3, evalpkgs, and ps to manage data collection and background processes. These interactions are performed using argument arrays, which prevents shell-based command injection.
- [DATA_EXFILTRATION]: The skill is designed to transmit data from a local SQLite database to a remote Supabase instance. This behavior is documented and driven by user-supplied configuration (SUPABASE_URL), with secrets handled through environment variables rather than hardcoding.
- [PROMPT_INJECTION]: The CLI includes a --where flag that accepts SQL fragments for data filtering. The implementation uses a helper function to sanitize values interpolated into these fragments, minimizing the risk of SQL injection while allowing flexible querying.
Audit Metadata