rls-test-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): SQL Injection in RLS testing scripts. Multiple scripts (scripts/test-role-permissions.sh, scripts/test-anonymous-access.sh, scripts/audit-rls-coverage.sh) directly interpolate shell variables into SQL strings (e.g., INSERT INTO public.$table). This allows for arbitrary SQL execution if the table names are not strictly validated or escaped before being passed to psql.
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection via Database Metadata. The skill's automated workflow discovers table names from the database schema and passes them to scripts that perform high-privilege SQL operations. An attacker who can influence the database schema (e.g., by creating or renaming tables) can inject malicious SQL payloads into object names, which the agent will then execute using the permissions of the SUPABASE_DB_URL.
- [DATA_EXFILTRATION] (LOW): Exposure of Database Credentials. The skill requires the SUPABASE_DB_URL environment variable, which contains a plaintext password. Any compromise of the agent's environment would expose these full administrative credentials.
- [COMMAND_EXECUTION] (LOW): High-privilege Auth Operations. The scripts/test-role-permissions.sh script performs direct INSERT and DELETE operations on the auth.users table. While intended for isolation testing, this high-privilege capability could be abused if the script is subverted or fails to clean up properly.
Recommendations
- AI detected serious security threats