supabase-audit-rpc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill issues POST requests to arbitrary Supabase project RPC endpoints (e.g., POST https://[project].supabase.co/rest/v1/rpc/[function_name]) and reads/parses and stores the returned database records (including sample_data/PII), so it ingests untrusted, user-generated content from third‑party projects.