schema-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted user requirements to generate SQL code that is subsequently executed against a database via the Supabase CLI. An attacker could inject malicious SQL logic (e.g., exfiltration triggers or RLS bypasses) into the 'pattern requirements'. * Ingestion points: User-provided pattern requirements processed in SKILL.md. * Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the SQL templates. * Capability inventory:
generate-schema.sh(file write),apply-migration.sh(executessupabase db push). * Sanitization:validate-schema.shis present but only checks for stylistic best practices and naming conventions, not malicious SQL intent or logic. - [COMMAND_EXECUTION] (MEDIUM): The scripts
generate-schema.shandapply-migration.shtake file paths as command-line arguments and use them directly in shell operations (cat,cp,sed) without sanitization. An attacker could provide manipulated paths (e.g., path traversal or paths starting with hyphens) to overwrite unintended local files or inject flags into thesedcommand.
Recommendations
- AI detected serious security threats
Audit Metadata