Dashboard Builder

If the service-role key is exposed or used too broadly, the dashboard could access or modify much more Supabase data than a normal signed-in user should.

The architecture indicates server-side use of the Supabase service role, and the scaffolded env example also asks for `SUPABASE_SERVICE_ROLE_KEY`; that key is high-privilege, while registry metadata declares no credential requirement and the artifacts do not narrowly bound its use.

A compromised or incorrect skill manifest could cause unintended tables, columns, or constraints to be generated and later pushed to the user's Supabase database.

The migration generator inserts manifest-provided SQL type strings into generated `CREATE TABLE` statements. It validates format, but the allow-list is broad enough that a bad or tampered manifest can still materially shape persistent database schema.

Running the migration workflow against the wrong skills directory could create more schema than intended.

The script processes every manifest in the selected skills directory, so one bad manifest can propagate into generated migrations for the shared dashboard database.

Future installs may use newer package versions than the author tested.

The scaffolder pulls packages from npm using `latest` and semver ranges. That is normal for a project generator, but it makes the generated result depend on external package state at run time.

The agent should not treat skill manifest text as commands.

The skill processes manifests that may contain untrusted text, and it explicitly includes prompt-injection defenses. This explains the static scan hit and is a useful guardrail rather than malicious behavior.