supabase-integration
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed API keys and DB passwords directly in command-line arguments and config strings (e.g., --api-key "your-platform-api-key", postgres URLs with plaintext passwords), which requires the agent to handle or output secret values verbatim and is therefore insecure.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill includes migration and import scripts (e.g., scripts/export-from-platform.sh, scripts/migrate-platform-to-oss.sh, and the Python transform/embedding scripts) that fetch JSON exports from the Mem0 Platform API and ingest user-generated memories (public/third-party content). The agent is expected to read and process this untrusted content, which exposes it to indirect prompt injection.