supabase-mcp-db
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill's functionality is consistent with its stated purpose and uses a vendor-aligned MCP server ('user-supabase-SantiagoXOR') for database interactions.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external SQL migration files without explicit sanitization.\n
- Ingestion points: SQL files within the 'supabase/migrations/' directory.\n
- Boundary markers: Absent; no specific instructions exist to isolate the SQL content from potential malicious instructions.\n
- Capability inventory: The skill utilizes 'apply_migration' and 'execute_sql' tools to perform DDL and DML operations.\n
- Sanitization: Absent; the content is passed directly to the MCP tools.
Audit Metadata