AGENT LAB: SKILLS

supabase-database

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Prompt Injection] (SAFE): No direct injection patterns or attempts to override system instructions were found.
  • [Data Exposure & Exfiltration] (LOW): The skill performs network requests to Supabase APIs using an API key provided via environment variables. This is consistent with its intended purpose, though the domain is not in the explicit whitelist.
  • [Obfuscation] (SAFE): No obfuscated code, hidden characters, or encoding techniques were detected.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references a local helper script (supabase-api.sh) but does not download or execute remote code from external URLs.
  • [Privilege Escalation] (SAFE): No usage of sudo or commands attempting to modify system permissions were found.
  • [Persistence Mechanisms] (SAFE): No attempts to modify startup scripts or establish persistent access were detected.
  • [Metadata Poisoning] (SAFE): The metadata fields (name, description) accurately represent the skill's functionality.
  • [Indirect Prompt Injection] (LOW):
      * Ingestion points: Data retrieved from Supabase tables via the supabase_get function.
      * Boundary markers: No delimiters or instructions to ignore embedded commands are present when processing results.
      * Capability inventory: Capabilities include performing full CRUD operations and executing RPC functions via curl.
      * Sanitization: The documentation does not specify sanitization or escaping of data retrieved from the database.
  • [Time-Delayed / Conditional Attacks] (SAFE): No logic gating behavior based on time, version, or environmental conditions was found.
  • [Dynamic Execution] (SAFE): No runtime code generation, compilation, or unsafe deserialization of data was detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:12 PM