Skills
skills/bytedance/agentkit-samples/byted-supabase/Gen Agent Trust Hub

byted-supabase

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The requirements.txt file specifies a dependency (volcengine-python-sdk) to be installed directly from a personal GitHub repository (sjcsjcsjc/volcengine-python-sdk). This introduces a supply chain risk as the source is not a trusted organization or an official package registry.
  • [COMMAND_EXECUTION]: The skill uses a local CLI script (scripts/call_volcengine_supabase.py) to manage backend resources. Actions like execute-sql and apply-migration allow for the execution of arbitrary SQL queries provided by the user or read from files.
  • [REMOTE_CODE_EXECUTION]: The deploy-edge-function action enables the deployment and execution of arbitrary TypeScript, JavaScript, or Python code to the Supabase Edge Functions platform. While this is an intended management feature, it represents a high-privilege capability that could be misused.
  • [EXTERNAL_DOWNLOADS]: The EdgeFunctionTools class includes logic to fetch and deploy remote code. The deploy_edge_function method processes source code that is then sent to a remote API for execution.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 4, 2026, 03:14 AM
Security Audit — agent-trust-hub — byted-supabase