supabase-automation
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends configuring an external MCP server at https://rube.app/mcp. This domain is not part of the trusted vendors list or the author's identified infrastructure patterns.
- [COMMAND_EXECUTION]: Provides the SUPABASE_BETA_RUN_SQL_QUERY tool, which allows the execution of arbitrary PostgreSQL statements. This represents a significant capability that could lead to unauthorized data modification or deletion if the agent is manipulated.
- [CREDENTIALS_UNSAFE]: Includes the SUPABASE_GET_PROJECT_API_KEYS tool, which retrieves high-privilege service-role keys. While instructions suggest masking, the tool itself enables the exposure of administrative secrets.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. Ingestion points: Untrusted data is retrieved from database tables via SUPABASE_SELECT_FROM_TABLE and SUPABASE_GET_TABLE_SCHEMAS. Boundary markers: Absent; no instructions are provided to the agent to ignore commands embedded in the database content. Capability inventory: High-risk tools include SUPABASE_BETA_RUN_SQL_QUERY and SUPABASE_GET_PROJECT_API_KEYS. Sanitization: Absent; the skill does not require validation or escaping of the ingested database content before it is processed by the agent.
Audit Metadata