Audits your Supabase Edge Functions for security holes by discovering exposed endpoints and testing them for auth bypasses, IDOR vulnerabilities, and privilege escalation issues. It systematically probes each function it finds through client code analysis and common name enumeration, and checks whether authentication is actually enforced, whether users can access other users' data, and whether admin functions are properly locked down. The output is detailed and includes actual curl commands showing the exploits. It writes findings progressively to context files as it goes, which matters if you're testing a bunch of functions and don't want to lose results mid-audit. Most useful when you've got custom Edge Functions handling payments, user data, or admin operations and want to verify they're not accidentally wide open.
npx skills add https://github.com/yoanbernabeu/supabase-pentest-skills --skill supabase-audit-functions