supabase-database-ops
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions to override behavior, bypass safety filters, or extract system prompts were detected. The skill reinforces security boundaries rather than attempting to circumvent them.
- [DATA_EXPOSURE] (SAFE): No hardcoded credentials, API keys, or secrets were found. The skill explicitly includes rules to prevent the exposure of the Supabase service role key in client-side components.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns for remote code execution, package installation, or script downloads from external sources were identified.
- [INDIRECT_PROMPT_INJECTION] (SAFE): This skill acts as a set of static coding guidelines for the agent. It does not ingest, process, or interpolate untrusted external data, and therefore lacks the attack surface for indirect prompt injection.
- [OBFUSCATION] (SAFE): The content is presented in clear, readable markdown with no evidence of encoding, hidden characters, or homoglyph attacks.
Audit Metadata