supabase-audit-rls

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill issues REST API requests to user-supplied Supabase endpoints (e.g., GET /rest/v1/users?select=* and the curl examples) and ingests table rows (including user-generated fields like comments/posts) as part of its audit workflow, so it clearly consumes untrusted third-party content from the project DB/API.