supabase-extract-anon-key
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The skill employs 'MANDATORY' and 'CRITICAL' language (e.g., 'FAILURE... IS NOT ACCEPTABLE') to override the agent's typical task execution flow, specifically regarding state management and file writing. This pattern is designed to ensure output is persisted even if the session is interrupted or safety filters are triggered.
- Indirect Prompt Injection (LOW): The skill is vulnerable to instructions embedded in the data it processes.
- Ingestion points: Client-side JavaScript files and web content from external URLs.
- Boundary markers: Absent. The skill does not provide delimiters or instructions to ignore malicious content within the parsed source code.
- Capability inventory: File writing (JSON, logs, and evidence files via the file system).
- Sanitization: Absent. Data extracted from the source files is directly interpolated into structured JSON and log files without escaping or validation.
- Data Exposure (LOW): The skill focuses on extracting API keys. While Supabase 'anon' keys are public by design, the automated logging and storage of these keys in local files (
.sb-pentest-context.json) creates a local data footprint that could be exploited by subsequent malicious tools or skills.
Audit Metadata