skills/jeremylongshore/claude-code-plugins-plus-skills/supabase-incident-runbook/Gen Agent Trust Hub
supabase-incident-runbook
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to retrieve and decode sensitive API keys from Kubernetes secrets, exposing them in the agent's process context and logs.
- Evidence:
kubectl get secret supabase-secrets -o jsonpath='{.data.api-key}' | base64 -dinreferences/immediate-actions-by-error-type.md. - [COMMAND_EXECUTION]: The skill executes administrative commands via
kubectlto modify secrets and restart deployments, and usescurlfor network diagnostics. - Evidence:
kubectl create secret ...,kubectl rollout restart ..., andcurl -v https://api.supabase.cominreferences/immediate-actions-by-error-type.md. - [EXTERNAL_DOWNLOADS]: The skill queries external service status pages and application health endpoints, including Supabase's official API and status page.
- Evidence:
curl -sf https://api.yourapp.com/healthinreferences/examples.md. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes unvalidated external data from
curlcommands which could contain malicious instructions. - Ingestion points: Output from
curlhealth checks and status pages inSKILL.mdandreferences/examples.md. - Boundary markers: Absent; instructions do not provide delimiters or warnings to ignore instructions in tool output.
- Capability inventory: High-privilege
kubectlcommand execution and secret management inreferences/immediate-actions-by-error-type.md. - Sanitization: Absent; the skill does not specify validation or filtering of remote data before processing.
Audit Metadata