supabase-local-dev-loop
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it is designed to read and process contents from the local project directory.
  - Ingestion points: The implementation guide directs the agent to interact with files in `src/`, `tests/`, and `.env.local`.
  - Boundary markers: There are no explicit instructions or delimiters to ensure the agent ignores potential instructions embedded within these external files.
  - Capability inventory: The skill utilizes `Bash(npm:*)`, `Bash(pnpm:*)`, `Write`, and `Edit` tools to perform setup and development tasks.
  - Sanitization: No validation or sanitization of file content is specified before the agent processes or executes logic based on those files.
- [COMMAND_EXECUTION]: The skill uses Bash to execute package management and development commands such as `npm install` and `npm run dev`. While restricted to the npm/pnpm namespace, these operations involve executing scripts defined in the project's `package.json`.
- [EXTERNAL_DOWNLOADS]: The skill references and installs standard dependencies including `@supabase/supabase-js`, `vitest`, and `tsx` from well-known registries and official repositories.
Audit Metadata