supabase
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the
supabaseCLI to perform operations likedb push,db reset, andmigration new. These commands are standard for database management and include built-in confirmation prompts for destructive or remote actions. - [DATA_EXPOSURE]: The skill includes a local database URL (
postgresql://postgres:postgres@127.0.0.1:54322/postgres). This uses the default credentials for the Supabase local development environment and does not expose sensitive production credentials. - [INDIRECT_PROMPT_INJECTION]: The skill reads and processes SQL migration files from the local filesystem. Ingestion points:
supabase/migrations/*.sql. Boundary markers: Absent. Capability inventory:Bash(CLI execution),Write(File system). Sanitization: Absent. This presents a theoretical surface for indirect prompt injection if an attacker controls the migration content, though no specific exploits were found.
Audit Metadata