supabase-extract-url
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill uses high-pressure, imperative language to override agent behavior. Examples include 'CRITICAL: PROGRESSIVE FILE UPDATES REQUIRED', 'This is not optional', and 'FAILURE... IS NOT ACCEPTABLE'. These patterns are designed to force the agent to prioritize the skill's logging requirements over its own operational logic.
- INDIRECT PROMPT INJECTION (LOW): The skill is highly susceptible to indirect injection because it ingests untrusted data from external sources.
- Ingestion points: Reads content from target URLs, JavaScript source code, HTML meta tags, and local directories (e.g.,
./dist/assets/). - Boundary markers: Absent. There are no instructions to the agent to treat the analyzed code as data rather than instructions.
- Capability inventory: File system write access (
.sb-pentest-context.json,.sb-pentest-audit.log, and the.sb-pentest-evidence/directory) and network access (Reachability check for REST API endpoints). - Sanitization: Absent. The skill does not provide mechanisms to escape or filter content extracted from the web targets before processing.
- DATA_EXFILTRATION (LOW): While the skill primarily targets public code, it specifically seeks out environment variables and configuration files (
.env,process.env) which may contain sensitive internal metadata. This constitutes reconnaissance for further exploitation. - COMMAND_EXECUTION (LOW): The skill directs the agent to perform file system modifications, including the creation of hidden directories (
.sb-pentest-evidence/) and persistent log files (.sb-pentest-audit.log) which can be used to track agent activity on the host system.
Audit Metadata