supabase

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the supabase CLI to perform operations like db push, db reset, and migration new. These commands are standard for database management and include built-in confirmation prompts for destructive or remote actions.
  • [DATA_EXPOSURE]: The skill includes a local database URL (postgresql://postgres:postgres@127.0.0.1:54322/postgres). This uses the default credentials for the Supabase local development environment and does not expose sensitive production credentials.
  • [INDIRECT_PROMPT_INJECTION]: The skill reads and processes SQL migration files from the local filesystem. Ingestion points: supabase/migrations/*.sql. Boundary markers: Absent. Capability inventory: Bash (CLI execution), Write (File system). Sanitization: Absent. This presents a theoretical surface for indirect prompt injection if an attacker controls the migration content, though no specific exploits were found.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 10:18 AM
Security Audit — agent-trust-hub — supabase