This skill tests your Supabase Row Level Security (RLS) policies for common bypass vulnerabilities and misconfigurations. It checks whether RLS is enabled on tables, attempts unauthenticated access with the anon key, tries cross-user data access, and probes for filter bypasses and join exploitation. You get a clear report showing which tables have no RLS protection at all (P0), which have overly permissive policies, and which are properly locked down. The output includes immediate SQL fixes for each finding. One thing to note: this skill is explicit about writing findings to context files progressively as it goes, rather than batching everything at the end, which makes sense if you're auditing a large project and don't want to lose results mid-run.
npx skills add https://github.com/yoanbernabeu/supabase-pentest-skills --skill supabase-audit-rls