Supabase Anon Key Extraction

🔴 CRITICAL: PROGRESSIVE FILE UPDATES REQUIRED

You MUST write to context files AS YOU GO, not just at the end.

• Write to .sb-pentest-context.json IMMEDIATELY after each discovery
• Log to .sb-pentest-audit.log BEFORE and AFTER each action
• DO NOT wait until the skill completes to update files
• If the skill crashes or is interrupted, all prior findings must already be saved

This is not optional. Failure to write progressively is a critical error.

This skill extracts the Supabase anonymous (public) API key from client-side code.

When to Use This Skill

• After extracting the Supabase URL, to get the API key for testing
• To verify that only the anon key (not service key) is exposed
• Before running API audit skills that require authentication