lovable-cloud-supabase-migration-chat
Fail
Audited by Snyk on May 12, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly reads and copies secret-bearing content (edge function source files, signed URLs, bcrypt hashes, and SQL INSERT payloads) and instructs passing those verbatim in MCP/tool calls, forcing the LLM to include secret values in its generated outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated project content via the Lovable MCP (e.g., Lovable MCP:read_file for package.json and supabase/config.toml, Lovable MCP:read_file for supabase/functions//index.ts, and Lovable MCP:query_database / storage object URLs) and uses that content to decide deployment parameters (tech_stack, verify_jwt), generate SQL, and drive migrations, so untrusted third-party data can materially influence tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires the Lovable MCP (https://mcp.lovable.dev) at runtime to read source files (e.g., supabase/functions//index.ts) and then uses the Supabase MCP (https://mcp.supabase.com/mcp) to deploy those files as edge functions, so remote content fetched during execution directly results in code being deployed/executed on the destination.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata