supabase-ci-integration
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates the configuration of CI/CD pipelines using standard GitHub Actions and Supabase integration patterns. It encourages the use of secure secret management practices via the GitHub CLI (`gh secret set`).
- [EXTERNAL_DOWNLOADS]: The skill references official GitHub Actions (`actions/checkout@v4`, `actions/setup-node@v4`) and documentation from Supabase and GitHub. These are well-known and trusted services used appropriately within the context of the skill's primary purpose.
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (`gh`) for administrative tasks such as setting secrets. The execution environment is appropriately restricted to this specific tool in the skill's configuration.
- [INDIRECT_PROMPT_INJECTION]: As the skill is designed to assess and modify project files, it possesses an inherent attack surface for indirect prompt injection from repository content. However, it follows standard development patterns and lacks complex autonomous logic that would elevate this risk beyond the baseline for development-oriented agents.
Audit Metadata