kw-check-migrations-supabase
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands using the supabase CLI tool via npx to interact with the database environment, including db push and migration list operations.
- [EXTERNAL_DOWNLOADS]: Downloads the supabase package from the official npm registry at runtime using npx to ensure the availability of the required command-line tools.
- [PROMPT_INJECTION]: Analyzes SQL files located in the supabase/migrations/ directory to provide explanations to the user. This creates a surface for indirect prompt injection where malicious instructions embedded in SQL comments could attempt to influence the agent's output or workflow.
- Ingestion points: SQL files within the supabase/migrations/ directory.
- Boundary markers: Absent. The agent is instructed to read the files directly without specific delimiters or instructions to ignore embedded commands.
- Capability inventory: Capability to execute shell commands (npx supabase) and modify remote database state.
- Sanitization: No content validation or sanitization is performed on the migration files prior to processing.
Audit Metadata