skills/jeremylongshore/claude-code-plugins-plus/supabase-schema-from-requirements/Gen Agent Trust Hub
supabase-schema-from-requirements
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses untrusted external documents (business requirements or specification documents) to generate SQL migrations and execute CLI commands.
  * Ingestion points: Business requirements, PRDs, or specification documents identified in Step 1.
  * Boundary markers: Absent; there are no delimiters or instructions provided to the agent to treat the input document strictly as data and ignore potential instructions embedded within it.
  * Capability inventory: The skill uses Write, Edit, and Bash tools to manage files and execute Supabase CLI commands (npx supabase).
  * Sanitization: No validation or sanitization is performed on the input text before it is used to generate logic or commands.
- [COMMAND_EXECUTION]: The skill uses the Supabase CLI and npx for database operations like creating migrations, pushing schemas, and generating types. This is the primary and intended function of the skill.
- [EXTERNAL_DOWNLOADS]: The instructions guide users to install the Supabase CLI via NPM, which is a well-known and standard service for software development.