supabase-upgrade-migration

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill utilizes dynamic context injection via shell commands to retrieve lists of installed npm and Python packages. This provides the agent with necessary context for the upgrade process and uses benign, read-only commands.
  • [SAFE]: Dependency management is handled through the official Supabase SDK (@supabase/supabase-js), which is a well-known and trusted package.
  • [SAFE]: The skill uses placeholders for sensitive information (e.g., 'apiKey: xxx') in documentation examples, preventing accidental credential exposure.
  • [SAFE]: The 'allowed-tools' configuration appropriately restricts the agent's environment by scoping Bash execution to specific command prefixes (npm, git), following the principle of least privilege.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 08:21 PM