supabase-audit-buckets-list

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly calls Supabase storage API endpoints (e.g., https://[project].supabase.co/storage/v1/bucket and /storage/v1/object/list/[bucket] and /storage/v1/object/[bucket]/[path]) to enumerate and access files that are likely user-uploaded/untrusted content which the agent is expected to read and interpret.