supabase-realtime
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill implements a data ingestion surface via database triggers.
  - Ingestion points: SQL triggers in `scripts/create_broadcast_trigger.sql` read data from database rows (NEW/OLD variables).
  - Boundary markers: None; data is transmitted as standard JSON payloads.
  - Capability inventory: The skill enables broadcasting data from the database to connected clients via `realtime.broadcast_changes` in `scripts/create_broadcast_trigger.sql`.
  - Sanitization: Data is broadcast as-is from the database tables. While this creates a surface if the database contains malicious instructions, the skill does not use an LLM to process this data.
- [Privilege Escalation] (SAFE): SQL functions use `SECURITY DEFINER` to enable cross-schema interaction with the Supabase `realtime` schema. This is an idiomatic practice for Supabase Realtime triggers and is properly mediated by application-level RLS policies provided in the guides.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets, sensitive file paths, or unauthorized network operations were detected. All code examples use placeholders for configuration.