supabase

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md instructs the agent to call arbitrary Supabase project endpoints (e.g., ${SUPABASE_URL}/rest/v1 in the "How to Use" and "Read All Rows" examples) and read table rows and related data, which are untrusted/user-generated third-party contents the agent would parse and could influence subsequent actions.