supabase-automation

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides tools such as SUPABASE_GET_PROJECT_API_KEYS that can retrieve sensitive service-role keys. While the instructions advise the agent against exposing these keys, the functionality itself allows for high-stakes credential access.
  • [COMMAND_EXECUTION]: Through the SUPABASE_BETA_RUN_SQL_QUERY tool, the agent can execute arbitrary SQL statements on the connected database, which could allow unauthorized data modification or deletion.
  • [EXTERNAL_DOWNLOADS]: The setup process requires users to add an external MCP server endpoint (https://rube.app/mcp), introducing a dependency on a third-party service provider.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data via SUPABASE_SELECT_FROM_TABLE (SKILL.md) without defined boundary markers or sanitization steps. This ingestion is combined with high-impact capabilities including arbitrary SQL execution (SUPABASE_BETA_RUN_SQL_QUERY) and secret retrieval (SUPABASE_GET_PROJECT_API_KEYS), creating a vector where malicious data in a database table could influence privileged agent actions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 14, 2026, 07:00 PM