skills/jeremylongshore/claude-code-plugins-plus-skills/supabase-policy-guardrails/Gen Agent Trust Hub
supabase-policy-guardrails
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool with npx to run the ESLint utility as shown in the examples (references/examples.md). This is an expected behavior for code quality and security tools.
- [PROMPT_INJECTION]: The skill is designed to analyze external source code, which creates a surface for indirect prompt injection attacks.
- Ingestion points: Source code files read by the ESLint plugin defined in references/eslint-rules.md.
- Boundary markers: The skill does not implement specific delimiters or instructions to ignore embedded commands in the files it processes.
- Capability inventory: The skill is granted Read, Write, Edit, and Bash permissions in SKILL.md.
- Sanitization: No explicit sanitization or filtering of external code content is performed before processing.
Audit Metadata