supabase
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs and uses the
@membranehq/clipackage from NPM. This is a legitimate vendor resource used to facilitate the integration. - [COMMAND_EXECUTION]: Provides instructions for running
membraneCLI commands to authenticate, list connections, and execute database actions. These operations are scoped to the intended functionality of the skill. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by explicitly instructing the agent never to ask users for API keys or secrets, delegating credential management to the Membrane platform.
- [INDIRECT_PROMPT_INJECTION]: The skill processes action descriptions and schemas from external connections. While this presents an ingestion surface for untrusted data, the risk is minimal given the structured nature of the data and the managed execution environment.
Audit Metadata