supabase-query

Fail

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill file contains two hardcoded, live authentication tokens for the Supabase Management API. The token 'sbp_64d15ce2602aced67109aa4324130f7eafa389f6' grants access to the 'Hermetic' account projects, including 'Midnight Sun' (ref: yjpiapfrayxaavhccher), 'Biogenesis War-Room' (ref: tnrtofrdfzjbrlqorgvl), and 'Community Projects' (ref: oexpwvjvnblxjmxfbksd). The token 'sbp_7d35e363115a3952471185b627bbf7971be75151' grants access to the 'Docti' account projects, including 'Docti BioGenesis App' (ref: gfncnmrlhctdtzkenxtp) and 'Docti (MCP-connected)' (ref: repzrsqutuktdzzxoiio).
  • [COMMAND_EXECUTION]: The skill utilizes the 'curl' shell command to perform database operations. It constructs requests to the Supabase Database API, incorporating user-defined SQL queries and authorizing them with the exposed Bearer tokens.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to 'api.supabase.com', which is the official endpoint for Supabase, a well-known cloud database provider.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it interpolates untrusted user input directly into executable SQL queries and shell commands. * Ingestion points: The user's SQL input is placed into the '{SQL_QUERY}' placeholder in SKILL.md. * Boundary markers: There are no delimiters or markers to isolate the user-provided query from the command structure. * Capability inventory: The agent can execute database commands (SELECT, CREATE, ALTER, DROP) and perform network operations via curl. * Sanitization: There is no evidence of input validation, escaping, or filtering for the SQL content before execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 19, 2026, 11:30 AM
Security Audit — agent-trust-hub — supabase-query