supabase-dev-workflow
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill utilizes high-privilege tools including `execute_sql` and `Bash(supabase:*)` to manage database schemas and local development environments. These tools allow the agent to run arbitrary commands on the host system and database instance.
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection Risk. The agent reads and executes content from SQL files in the `supabase/schemas/` directory. An attacker could inject malicious instructions into these files to achieve arbitrary code execution or data exfiltration when the agent processes them.
  - Ingestion points: SQL files in `supabase/schemas/`, `ENTITIES.md`.
  - Boundary markers: None.
  - Capability inventory: `execute_sql`, `Bash(supabase:*)`.
  - Sanitization: None.
- [SAFE] (INFO): The provided SQL patterns correctly use `SECURITY INVOKER` by default and `SET search_path = ''` to mitigate common PostgreSQL security risks like search path injection.
Recommendations
- AI detected serious security threats
Audit Metadata