Tests your Supabase auth endpoints for user enumeration vulnerabilities by probing signup, login, password recovery, and OTP flows. It checks both explicit information leakage (different error messages for existing vs. non-existing users) and timing-based leakage (existing users take longer to process because of password hashing or email sending). The output is thorough, showing exact response times, providing proof-of-concept curl commands, and ranking vulnerabilities as P1 or P2. Most valuable during pre-launch security audits or if you're hardening an existing app. The progressive logging approach is smart since enumeration tests can take time and you don't want to lose findings mid-run.
npx skills add https://github.com/yoanbernabeu/supabase-pentest-skills --skill supabase-audit-auth-users
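To make the two leak channels described above concrete, here is an added example (not code from the skill or its repository) that compares results recorded for accounts known to exist against accounts known not to exist. The sample measurements, message strings, threshold values and function names are all constructed assumptions.

```python
from statistics import median

def mad(values):
    """Median absolute deviation: a noise estimate that tolerates outliers."""
    m = median(values)
    return median([abs(v - m) for v in values])

def assess(existing, missing, min_gap_ms=50.0, k=3.0):
    """Compare audit results for accounts known to exist vs known not to.

    Each record is (http_status, error_message, elapsed_ms).
    min_gap_ms and k are assumed thresholds, tune them per environment.
    """
    findings = {}
    # Channel 1: explicit leakage, the visible response differs between groups.
    seen_e = {(s, msg) for s, msg, _ in existing}
    seen_m = {(s, msg) for s, msg, _ in missing}
    if seen_e != seen_m:
        findings["explicit"] = {"existing": sorted(seen_e), "missing": sorted(seen_m)}
    # Channel 2: timing leakage, medians differ by more than network jitter.
    t_e = [t for _, _, t in existing]
    t_m = [t for _, _, t in missing]
    gap = abs(median(t_e) - median(t_m))
    noise = max(mad(t_e), mad(t_m))
    if gap >= min_gap_ms and gap > k * noise:
        findings["timing"] = {"gap_ms": round(gap, 1), "noise_ms": round(noise, 1)}
    return findings

def rows(status, message, timings):
    return [(status, message, t) for t in timings]

# Constructed sample measurements (not real Supabase output).
LOGIN_EXISTING = rows(400, "invalid credentials", [205.0, 208.0, 212.0, 219.0, 230.0])
LOGIN_MISSING = rows(400, "invalid credentials", [38.0, 40.0, 41.0, 45.0, 52.0])
SIGNUP_EXISTING = rows(422, "already registered", [90.0, 94.0, 88.0, 97.0, 91.0])
SIGNUP_MISSING = rows(200, "", [93.0, 89.0, 96.0, 92.0, 95.0])
RECOVER_EXISTING = rows(200, "", [60.0, 62.0, 58.0, 61.0, 59.0])
RECOVER_MISSING = rows(200, "", [61.0, 59.0, 63.0, 60.0, 58.0])

if __name__ == "__main__":
    for name, e, m in [("login", LOGIN_EXISTING, LOGIN_MISSING),
                       ("signup", SIGNUP_EXISTING, SIGNUP_MISSING),
                       ("recover", RECOVER_EXISTING, RECOVER_MISSING)]:
        print(name, assess(e, m) or "uniform")
```

An endpoint passes only when both channels are quiet: identical status and message for the two groups, and a median timing gap that stays within measurement noise.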