supabase-project-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill hardcodes a specific Supabase Organization ID ('cqwwexcenmknepxltuea'). This configuration forces any project created by the agent to be owned by and billed to a fixed account, regardless of the user's intent.
- [DATA_EXFILTRATION] (HIGH): The workflow (Step 6) explicitly directs the agent to retrieve sensitive credentials, including 'ApplePrivateKey' and 'GoogleOAuthCredentials', from the MCP memory store and display them in the output. This pattern exposes raw secrets in the application's response history.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses the agent to execute complex SQL DDL and DML operations. While necessary for the stated purpose, the use of 'security definer' in triggers and broad RLS policy creation requires high trust in the skill author.
- [INDIRECT PROMPT INJECTION] (LOW): The skill accepts project names from user input. While the project creation uses an API call, there is a risk if subsequent versions of this skill or downstream tools interpolate this name directly into SQL queries or shell commands without sanitization.
Recommendations
- AI detected serious security threats
Audit Metadata