supabase-migration-deep-dive

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the official '@supabase/supabase-js' SDK via npm, which is a trusted dependency from a well-known and verified organization.
  • [COMMAND_EXECUTION]: Standard bash commands including 'find', 'grep', and 'npm' are used to analyze the local project structure and verify connectivity, which is consistent with the skill's stated purpose of facilitating a platform migration.
  • [PROMPT_INJECTION]: The skill locates and reads local source code and configuration files, which is an indirect prompt injection surface: untrusted file content could steer the agent's behavior.
    1. Ingestion points: local project files and environment variables read during the assessment phase described in 'references/pre-migration-assessment.md'.
    2. Boundary markers: none. The skill neither delimits ingested content nor instructs the agent to disregard instructions embedded in processed files.
    3. Capability inventory: the skill has access to the 'Bash' tool (with npm, node, and kubectl permissions) plus 'Read', 'Write', and 'Edit', so an instruction smuggled in through a file has command execution and file modification within reach.
    4. Sanitization: no content validation or sanitization is performed before the agent processes ingested data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 11:44 PM