state-db
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill reads data from a remote Supabase database that could contain malicious instructions designed to influence the agent's behavior when the data is processed.
- Ingestion points: Results from Supabase REST API queries (GET requests) are returned to the agent context (SKILL.md).
- Boundary markers: Absent. The skill returns raw JSON data from the database without delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill uses network operations via curl and JSON processing via jq to manage data (SKILL.md).
- Sanitization: Absent. No validation or filtering is performed on the data retrieved from the database before it is provided to the agent.
- [COMMAND_EXECUTION]: The skill uses the curl command-line tool to perform REST API operations (GET, POST, PATCH, DELETE) against a Supabase backend. This behavior is consistent with the skill's stated purpose of providing persistent storage and correctly utilizes environment variables (e.g., $STATE_DB_SUPABASE_URL) for configuration rather than hardcoding credentials.
Audit Metadata