Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- The skill explicitly promotes use of a Supabase service role key but does not warn that this credential is highly privileged and can bypass normal row-level security controls. In the context of checkpointing, this can expose conversation state, tool outputs, and other sensitive application data if the key is mishandled, logged, or reused insecurely, and the description also omits any security guidance about transmitting that data to a remote REST endpoint.
