supabase-skill
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily instructional, providing expert-level documentation and patterns for Supabase development. It adheres to security best practices, such as promoting the use of Row Level Security (RLS) and providing guidance on avoiding SQL injection.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing official Supabase tools and libraries, such as the @supabase/mcp-server-supabase and @supabase/supabase-js SDK. These originate from trusted, well-known organizations and are used as intended for service integration.
- [COMMAND_EXECUTION]: The documentation includes standard CLI commands for environment setup and project management (e.g., claude mcp add, npx, supabase init). These commands are intended for the user to configure their local development environment and do not execute malicious or hidden payloads.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or tokens were found. All examples use descriptive placeholders such as your_personal_access_token, your_project_ref, and sbp_your_token_here for user configuration.
- [PROMPT_INJECTION]: There are no patterns suggesting an attempt to override agent instructions, extract system prompts, or bypass safety filters. The skill includes educational content on how to protect against prompt injection and SQL injection in a production environment.
- [DATA_EXFILTRATION]: No suspicious network operations or sensitive file access patterns were detected. All network references target official Supabase infrastructure, documentation, and the Model Context Protocol specification.
Audit Metadata