supabase-sql
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
NO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown documentation and JSON configuration. No executable scripts (Python, JavaScript, or Shell) are included in the package.
- [PROMPT_INJECTION] (SAFE): No instructions attempt to bypass safety filters, override system behavior, or extract sensitive internal prompts.
- [DATA_EXFILTRATION] (SAFE): No network requests or access to sensitive local files (e.g., SSH keys, AWS credentials) were detected.
- [EXTERNAL_DOWNLOADS] (SAFE): No patterns for downloading or executing remote code or packages are present.
- [PRIVILEGE_ESCALATION] (SAFE): The skill suggests using 'SECURITY DEFINER' in PostgreSQL templates and 'TO service_role' in RLS policies. While these are high-privilege constructs in a database context, they are standard best practices for the intended Supabase backend use case and do not grant elevated permissions to the agent itself.