supabase-security
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- Prompt Injection (SAFE): No instructions to bypass safety filters or override system constraints were found in the skill metadata or instructions.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or unauthorized data access patterns are present. The included regex patterns are used for defensive detection of exposed keys.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No external dependencies, package installations, or remote script execution logic identified.
- Indirect Prompt Injection (LOW):
  - Ingestion points: Processes user queries and code samples for security review as specified in SKILL.md.
  - Boundary markers: Absent; the skill does not use specific delimiters to separate user-provided content from its own instructions.
  - Capability inventory: Restricted to generating educational text and SQL code snippets; no tools for command execution, file modification, or network requests are provided.
  - Sanitization: No specific input sanitization or validation of untrusted code blocks is performed before processing.
- Obfuscation (SAFE): Content is clearly readable and contains no hidden characters, homoglyphs, or multi-layer encoding.
Audit Metadata