supabase
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches documentation and security guidelines from official Supabase domains.
- [EXTERNAL_DOWNLOADS]: Performs connectivity checks to official Supabase infrastructure (mcp.supabase.com) to verify service status.
- [COMMAND_EXECUTION]: Utilizes the Supabase CLI and MCP server tools for schema management, SQL execution, and project maintenance.
- [COMMAND_EXECUTION]: Employs standard curl commands for non-invasive HTTP status checks.
- [PROMPT_INJECTION]: The skill ingests external documentation and user feedback, representing a surface for indirect prompt injection.
  - Ingestion points: External markdown documentation from supabase.com and user feedback input for issue generation.
  - Boundary markers: No explicit delimiters or warnings provided for documentation content.
  - Capability inventory: SQL execution via execute_sql, file creation through CLI migration tools, and network connectivity tests.
  - Sanitization: Relies on the agent's core safety filters; no custom sanitization or validation logic is implemented in the skill instructions.
Audit Metadata