This skill audits Supabase storage by enumerating every bucket and its configuration, flagging security issues such as publicly accessible backup buckets or unrestricted MIME types. You'd run it early in a pentest to map the storage attack surface before testing individual bucket permissions. The output categorizes findings by severity (P0 for sensitive data exposed publicly, P1 for risky configurations like wildcarded file types) and suggests immediate fixes. One thing to note is the aggressive emphasis on progressive file updates: findings are written to context files after each bucket is discovered rather than batched at the end. This makes sense for audit tooling, where you don't want to lose results to a crash, though the repeated warnings about it in the documentation feel a bit heavy-handed.
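The bucket checks described above, as an added example that is not the skill's own code: it applies the public-plus-sensitive-name (P0) and wildcard-MIME (P1) rules to bucket configurations shaped like the Storage API's bucket objects (the `name`, `public`, `allowed_mime_types` and `file_size_limit` field names, the sensitive-name keywords and the P2 tier for a missing size limit are this example's assumptions).

```python
"""Added example (not the skill's code): flag risky Supabase bucket configs.
Assumes bucket dicts carry the Storage API's `name`, `public`,
`allowed_mime_types` and `file_size_limit`; keyword list and P2 tier are
this example's own choices."""
import re

# Keywords suggesting a bucket holds sensitive data (constructed list).
SENSITIVE_NAME = re.compile(r"backup|dump|export|private|secret|kyc", re.I)

# Constructed sample input, shaped like the bucket objects the API returns.
SAMPLE_BUCKETS = [
    {"name": "db-backups", "public": True, "allowed_mime_types": None, "file_size_limit": None},
    {"name": "avatars", "public": True, "allowed_mime_types": ["image/png", "image/jpeg"], "file_size_limit": 1048576},
    {"name": "uploads", "public": False, "allowed_mime_types": ["*/*"], "file_size_limit": 52428800},
    {"name": "contracts", "public": False, "allowed_mime_types": ["application/pdf"], "file_size_limit": 10485760},
]


def audit_bucket(bucket: dict) -> list[dict]:
    """Return findings for one bucket as {severity, bucket, issue, fix} dicts."""
    findings = []
    name = bucket.get("name", "")
    public = bool(bucket.get("public", False))
    mimes = bucket.get("allowed_mime_types") or []   # None or [] = unrestricted
    if public and SENSITIVE_NAME.search(name):
        findings.append({"severity": "P0", "bucket": name,
                         "issue": "sensitive-looking bucket is world-readable",
                         "fix": "set public=false; serve objects via signed URLs"})
    elif public:
        findings.append({"severity": "P1", "bucket": name,
                         "issue": "bucket is public; confirm anonymous read is intended",
                         "fix": "make private unless contents are meant to be public"})
    if not mimes or any(m.strip() == "*/*" for m in mimes):
        findings.append({"severity": "P1", "bucket": name,
                         "issue": "no MIME restriction: any file type can be uploaded",
                         "fix": "set allowed_mime_types to the types the app needs"})
    if bucket.get("file_size_limit") is None:
        findings.append({"severity": "P2", "bucket": name,
                         "issue": "no file_size_limit: unbounded uploads",
                         "fix": "set a per-object size limit"})
    return findings


def audit_buckets(buckets: list[dict]) -> list[dict]:
    """Audit every bucket; order findings by severity (P0 first), then name."""
    rank = {"P0": 0, "P1": 1, "P2": 2}
    found = [f for b in buckets for f in audit_bucket(b)]
    return sorted(found, key=lambda f: (rank[f["severity"]], f["bucket"]))


if __name__ == "__main__":
    for f in audit_buckets(SAMPLE_BUCKETS):
        print(f"[{f['severity']}] {f['bucket']}: {f['issue']} -> {f['fix']}")
```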
npx skills add https://github.com/yoanbernabeu/supabase-pentest-skills --skill supabase-audit-buckets-list