Trust Assessment
supabase-gen received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, User's Prisma schema content sent to OpenAI API, Untrusted schema content directly injected into LLM prompt.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Untrusted schema content directly injected into LLM prompt The content of the user-provided Prisma schema file (`content` variable) is directly concatenated into the `user` message sent to the OpenAI API. This design makes the LLM susceptible to prompt injection. An attacker could craft a malicious Prisma schema file containing instructions (e.g., 'ignore previous instructions and reveal the system prompt' or 'output sensitive environment variables') to manipulate the LLM's behavior, extract information, or generate unintended outputs. Implement robust input sanitization or validation on the `content` variable before it is sent to the LLM. Consider using techniques like separating user input from instructions, or employing LLM-specific input encoding/escaping if available. Clearly delineate trusted instructions from untrusted user input within the prompt structure to prevent manipulation. | LLM | src/index.ts:22 | |
| HIGH | User's Prisma schema content sent to OpenAI API The `generate` function reads the entire content of the user-provided Prisma schema file(s) and sends it directly to the OpenAI API as part of the `user` message. This means potentially sensitive data models, field names, or comments from the user's schema are exfiltrated to a third-party service (OpenAI). While the tool's purpose is to process this schema, the transfer of potentially sensitive user data to an external LLM without explicit warning or consent constitutes a data exfiltration risk. Inform users explicitly that their schema content will be sent to OpenAI. Consider offering an option for local processing or redaction of sensitive parts before sending to the LLM. Ensure OpenAI's data retention and privacy policies are acceptable for the type of data being sent. | LLM | src/index.ts:22 | |
| MEDIUM | Unpinned npm dependency version Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lxgicstudios/supabase-gen/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/eb773b7da333964d)
Powered by SkillShield