supabase-backend
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- SAFE (SAFE): No malicious patterns, obfuscation, or persistence mechanisms were found across the provided files. The skill is entirely instructional.
- CREDENTIALS_UNSAFE (LOW): While the skill includes regex patterns to detect hardcoded keys (e.g., JWT headers), these are for analysis of user code and do not contain actual secrets or expose existing credentials.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to ingest and analyze user code. It lacks executable tools, filesystem access, or network capabilities, which prevents any instructions within user code from triggering side effects outside of the agent's textual response.
- DATA_EXFILTRATION (SAFE): All network-related examples (e.g., Supabase client initialization) use standard environment variables and occur within the context of a developer's own application patterns, not as a function of the skill itself.