supabase
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides templates for using
curlto perform database operations such as reading, inserting, updating, and deleting rows. These commands are necessary for the skill's stated purpose of providing a REST API interface. - [EXTERNAL_DOWNLOADS]: The skill initiates network requests to the
supabase.codomain. As Supabase is a well-known technology provider, these references are documented as standard operational requirements for the skill's functionality. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8). * Ingestion points: Data is ingested into the agent's context through JSON responses from database queries performed via
curl. * Boundary markers: The instructions do not define delimiters or provide specific prompts to the agent to treat retrieved database content as untrusted data. * Capability inventory: Across all instructions, the agent is granted the capability to execute shell commands (curl) and perform local file writes (e.g., to/tmp/supabase_request.json). * Sanitization: There is no evidence of sanitization, filtering, or validation of the data retrieved from the database before it is processed by the agent.
Audit Metadata