
supabase-audit-functions

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill's required progressive logging and evidence files include curl commands and Authorization headers that would need real JWTs or tokens embedded verbatim (e.g., "Authorization: Bearer ..."), forcing the agent to handle/output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill actively sends requests to and ingests responses from Supabase Edge Function endpoints (e.g., https://[project].supabase.co/functions/v1/...) and webhook endpoints, reading and logging response bodies and error messages (user-generated/untrusted content) as part of its audit workflow.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 15, 2026, 08:27 PM