supabase-automation
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to add an external MCP server at
https://rube.app/mcp. This endpoint provides the logic for all Supabase tools described in the skill. - [COMMAND_EXECUTION]: The skill exposes the
SUPABASE_BETA_RUN_SQL_QUERYtool, allowing the agent to execute arbitrary PostgreSQL statements. This provides full control over the database, though the skill explicitly recommends usingread_only: truefor non-mutating queries. - [CREDENTIALS_UNSAFE]: The tool
SUPABASE_GET_PROJECT_API_KEYSallows the agent to retrieve live service-role and anon keys. The skill correctly identifies these as sensitive and instructs the agent to mask or truncate these values in its output. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection if it processes data from a database that contains malicious instructions.
- Ingestion points: Data is ingested through
SUPABASE_SELECT_FROM_TABLEandSUPABASE_BETA_RUN_SQL_QUERYresults. - Boundary markers: No specific delimiters (like XML tags) are mandated for the processing of database content, though the skill provides guidance on using read-only transactions.
- Capability inventory: The skill has high-privilege write access via SQL execution and the ability to retrieve project secrets.
- Sanitization: There are no explicit sanitization or filtering instructions for data retrieved from the database before it is used in subsequent prompts.
Audit Metadata