lovable-cloud-migration

Fail

Audited by Snyk on May 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read sensitive values (bcrypt hashes from the encrypted_password column, signed URLs, service role keys and the project JWT secret) and place them verbatim into SQL statements and HTTP payloads (execute_sql / net.http_post). Every such value therefore passes through the model's context window and output, and through any transcript or tool log that records them, rather than staying inside the database or a secrets store.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow ingests arbitrary project files and database/storage content from third-party sources through Lovable MCP query_database and read_file calls (SKILL.md Steps 1–15: Step 2 read_file package.json, Step 3 read_file supabase/config.toml, Steps 9–15 querying functions, triggers and storage, and the Phase 8 GitHub clone and reads). That untrusted, user-generated content is then parsed and used to decide what the agent does next (tech_stack detection, verify_jwt settings, function deployment, URL rewriting). Instructions embedded in a file, row or object that the skill reads could therefore steer those decisions, which is the indirect prompt-injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Unverifiable external URL detected (high risk: 0.90). The skill's edge-function templates (migrate-storage and the export template) import runtime code from https://esm.sh/@supabase/supabase-js@2, which is fetched and executed by the deployed Deno edge functions and is a required runtime dependency for the migration functions. The specifier pins only the major version, so the code actually executed is whatever esm.sh serves for the latest 2.x at deploy time, and the skill provides no integrity hash or lock file to verify it against.
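The two patterns behind W007 and W012 can be checked mechanically before a skill is installed. The following is an added example, not part of the Snyk report or of the lovable-cloud-migration skill: a small static checker that flags (a) secret identifiers named in the report (encrypted_password, service_role, jwt_secret, signed URLs) flowing into the execute_sql / net.http_post sinks, and (b) esm.sh imports whose version is not pinned to an exact release. The SKILL.md excerpt, the edge-function sources and the version number 2.43.4 are constructed for the example and are not taken from the audited skill.

```python
"""Static checks for two skill-audit findings: secrets reaching SQL/HTTP sinks
and unpinned remote runtime imports. Added example; inputs are constructed."""
import re
from dataclasses import dataclass

# Identifiers the audit report says the skill tells the agent to read.
SECRET_IDENTIFIERS = ("encrypted_password", "service_role", "jwt_secret", "signed_url")
# Sinks the report says those values are written into verbatim.
SINKS = ("execute_sql", "net.http_post")

# ES-module import of code served by esm.sh; captures package and version part.
REMOTE_IMPORT = re.compile(
    r"""import\s+.*?\s+from\s+["'](?P<url>https://esm\.sh/"""
    r"""(?P<pkg>@?[^@"']+)(?:@(?P<ver>[^"'/?]+))?[^"']*)["']"""
)
EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+$")


@dataclass
class Finding:
    rule: str
    line: int
    detail: str


def check_credential_flow(text: str, window: int = 3) -> list[Finding]:
    """W007-style check: a sink call on a line where a secret identifier appears
    on that line or within `window` preceding lines (a crude taint window)."""
    findings = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        low = line.lower()
        sinks_here = [s for s in SINKS if s in low]
        if not sinks_here:
            continue
        context = " ".join(lines[max(0, i - window): i + 1]).lower()
        secrets = [s for s in SECRET_IDENTIFIERS if s in context]
        if secrets:
            findings.append(Finding("W007", i + 1,
                                    f"{', '.join(secrets)} reaches {sinks_here[0]}"))
    return findings


def check_remote_imports(source: str) -> list[Finding]:
    """W012-style check: an esm.sh import with no version or only a major/minor
    version resolves to whatever the CDN serves at deploy time. An exact pin is
    not flagged, but it still trusts the CDN unless a lock file with hashes is
    used alongside it."""
    findings = []
    for i, line in enumerate(source.splitlines()):
        m = REMOTE_IMPORT.search(line)
        if not m:
            continue
        ver = m.group("ver")
        if ver is None or not EXACT_SEMVER.match(ver):
            findings.append(Finding("W012", i + 1,
                                    f"unpinned runtime import {m.group('url')} "
                                    f"(version {ver or 'latest'})"))
    return findings


def audit(skill_text: str, function_source: str) -> list[Finding]:
    return check_credential_flow(skill_text) + check_remote_imports(function_source)


# Constructed SKILL.md excerpt imitating the instructions the report describes.
SKILL_EXCERPT = """\
Step 2: read_file package.json and supabase/config.toml to detect tech_stack
Step 9: execute_sql("select id, email, encrypted_password from auth.users")
Step 10: for each row call net.http_post(target_url, body := jsonb_build_object('password_hash', encrypted_password))
Step 12: read the service_role key and set it in the Authorization header passed to net.http_post
"""

# Constructed edge-function header with the major-only pin the report flags.
EDGE_FUNCTION = """\
import { createClient } from "https://esm.sh/@supabase/supabase-js@2";
import { serve } from "https://deno.land/std@0.224.0/http/server.ts";
"""

# Same header with a hypothetical exact pin (2.43.4 is assumed, not verified).
EDGE_FUNCTION_PINNED = """\
import { createClient } from "https://esm.sh/@supabase/supabase-js@2.43.4";
"""

if __name__ == "__main__":
    for f in audit(SKILL_EXCERPT, EDGE_FUNCTION):
        print(f"{f.rule} line {f.line}: {f.detail}")
```

Run against the constructed inputs it reports three W007 findings (Steps 9, 10 and 12) and one W012 finding for the `@2` import; the exactly pinned variant produces no W012 finding. The taint window is deliberately simple: it will miss a secret read many lines before the sink and will flag a line that merely mentions both names, so treat it as a triage aid, not a proof of safety.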

Audit Metadata
Risk Level
HIGH
Analyzed
May 13, 2026, 07:07 PM
Issues
3