supabase-connect
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill identifies and reads sensitive .env files (e.g., ~/.env, .env.local) to extract SUPABASE_DB_PASSWORD and other credentials using shell commands like cat and grep in REFERENCE.md. Although necessary for the primary skill purpose, accessing files containing hardcoded secrets via shell history is a high-risk operation.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses a template to dynamically generate a local file (scripts/supabase_query.mjs) and execute it via the node runtime. This pattern of generating then executing local scripts is a known vector for code injection if the SQL or connection variables are sourced from untrusted input.
- [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface. Evidence Chain: 1. Ingestion points: SQL query strings defined in REFERENCE.md and SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: DB write/execute via client.query in the generated .mjs script. 4. Sanitization: Absent; queries are executed as raw strings.
- [SAFE] (LOW): The connection configuration in both SKILL.md and REFERENCE.md explicitly disables SSL validation by setting rejectUnauthorized to false. This is a security best practice violation that exposes the database session to Man-in-the-Middle (MitM) interceptions.
Audit Metadata