Skills
skills/jg-chalk-io/nora-livekit/moai-baas-supabase-ext/Gen Agent Trust Hub

moai-baas-supabase-ext

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides comprehensive and legitimate architectural guidance for enterprise Supabase deployments, including RLS policy templates and migration strategies.
  • [EXTERNAL_DOWNLOADS]: The documentation examples reference standard and well-known libraries from trusted CDNs such as deno.land and esm.sh (e.g., @supabase/supabase-js).
  • [COMMAND_EXECUTION]: The skill is authorized to use Bash and Write tools, which are powerful capabilities. While these are appropriate for its purpose as a development assistant, they represent an exploitable surface if the agent is misled.
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface (Category 8).
  • Ingestion points: Processes ApplicationRequirements from users and fetches external documentation via the mcp__context7__get-library-docs tool.
  • Boundary markers: None explicitly defined in the logic to isolate external data from internal instructions.
  • Capability inventory: Includes Bash, Write, Edit, and WebFetch, allowing for file modification and code execution.
  • Sanitization: No specific sanitization or validation logic is present in the skill's instructions for handling external data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 05:14 PM