supabase-storage
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a utility toolset for Supabase Storage operations. No malicious behavior was detected. It follows security best practices by requesting credentials via environment variables rather than hardcoding them.
- [COMMAND_EXECUTION]: The bash snippets provided use variable interpolation (e.g., ${STORAGE_PATH}) within curl commands. While this creates a surface for potential command injection if the agent does not sanitize inputs, this is the intended and primary functionality for a command-line utility skill of this nature.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests data from external sources (the Supabase API, such as file lists). This is documented as an inherent characteristic of tools that process external content, and no specific exploitable patterns were found in the static code.
Audit Metadata