supabase-vercel-shop
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- External Downloads (SAFE): The skill configures a project-specific MCP server using
@supabase/mcp-server-supabasevia npx.\n - Evidence: Found in
SETUP.mdconfiguration examples.\n - Status: The download originates from a Trusted External Source (
supabaseorganization), which downgrades the finding severity per the [TRUST-SCOPE-RULE].\n- Indirect Prompt Injection (LOW): The skill implements a CMS architecture where external data is ingested from the database and processed, creating an attack surface for indirect instructions.\n - Ingestion points: Data enters the context via the
page_contenttable (DATABASE.md) anduser_metadatafields such asfull_name(AUTH.md).\n - Boundary markers: Absent; the code snippets do not show explicit delimiters or instructions for the agent to ignore embedded commands in the CMS strings.\n
- Capability inventory: The agent has capabilities to perform database operations and dispatch emails via the Resend API.\n
- Sanitization: No explicit sanitization or strict schema validation for content fields was observed in the provided logic.\n- Privilege Management (LOW): The application uses
service_roleclients to perform administrative operations that bypass standard RLS.\n - Evidence:
AUTH.mdutilizescreateServiceRoleClient()for role queries and user invitation management.\n - Risk: While standard for these operations, it necessitates strict protection of the
SUPABASE_SERVICE_ROLE_KEY, which the skill correctly identifies in the setup instructions.
Audit Metadata