supabase-cli
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill centers on the execution of powerful CLI commands, including 'supabase db reset', 'docker volume prune', and direct SQL execution via 'psql'. This provides a broad attack surface if the agent is directed to run these on untrusted inputs.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The documentation recommends 'npm install' and 'git clone REPO_URL'. Without strict verification of the source URL, an agent might download and execute malicious packages or scripts.
- [CREDENTIALS_UNSAFE] (HIGH): The skill provides explicit instructions for retrieving and storing 'SUPABASE_SERVICE_ROLE_KEY' and 'DATABASE_URL' in local '.env.local' files. These credentials provide full administrative access to the database and backend services.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill's core functions ('git pull', 'supabase db pull', 'psql -f query.sql') ingest external, potentially attacker-controlled data.
  1. Ingestion points: 'git pull' and 'supabase db pull' fetch remote content.
  2. Boundary markers: None present in the instructions.
  3. Capability inventory: 'supabase db push', 'psql', and 'npm' provide code execution and data modification capabilities.
  4. Sanitization: No sanitization or validation of the pulled schema or scripts is mentioned, allowing malicious instructions to reach the agent's execution context.
Recommendations
- AI detected serious security threats