skills/miketromba/skills/supabase/Snyk

supabase

Warn

Audited by Snyk on Mar 6, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). This skill explicitly spawns a research sub-agent that fetches and parses public Supabase documentation from open URLs (e.g., https://supabase.com/llms/guides.txt and other https://supabase.com/... links) and uses those findings to drive code, configuration, and follow-up actions, so third-party page content can directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill's research sub-agent is instructed to fetch and ingest external documentation at runtime (e.g. https://supabase.com/docs/llms.txt and https://supabase.com/llms/guides.txt), which will be injected into the agent's context and directly influence its prompts/responses.

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 6, 2026, 09:18 PM