supabase-sql
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill contains instructional content and reference templates for PostgreSQL and Supabase development. No executable scripts, network requests, or sensitive data access patterns were found in the provided files.
- [PROMPT_INJECTION]: The skill is designed to process untrusted user-provided SQL, which presents a surface for indirect prompt injection. However, the risk is negligible as the skill has no external capabilities or tools to exploit.
- Ingestion points: User-provided SQL scripts via the "fix SQL" and "clean migration" triggers in SKILL.md.
- Boundary markers: Absent. The skill does not instruct the agent to use specific delimiters or to ignore instructions within the SQL input.
- Capability inventory: None. The skill does not define any tool permissions, subprocess calls, or network operations.
- Sanitization: Absent. The input is treated as raw text for transformation into a standardized format.
Audit Metadata