skills/1mangesh1/dev-skills-collection/supabase/Snyk

supabase

Warn

Audited by Snyk on Apr 14, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill's workflow shows the agent reading and acting on user-generated content from the project's database and storage (e.g., supabase.from('posts').select('*'), realtime subscriptions in "Realtime" and message functions, and storage.download/getPublicUrl in SKILL.md), which are untrusted third-party inputs that could contain instructions influencing behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The Edge Functions example imports and executes remote modules at runtime from https://deno.land/std@0.168.0/http/server.ts and https://esm.sh/@supabase/supabase-js@2, so the skill depends on fetching and running external code during execution.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 14, 2026, 01:23 AM

Issues

2