Tests whether you can actually read data from your Supabase tables using the anon key, then tells you exactly what's exposed. After listing tables, it runs SELECT queries to pull sample rows and flags anything sensitive like emails, API keys, or financial data. The output groups tables by severity (P0 for secrets and PII, P1 for partial exposure) and shows you exactly which columns are leaking. Worth running this before you realize someone's been scraping your users table for six months. It writes findings progressively to context files so you don't lose results if something crashes mid-test.
npx skills add https://github.com/yoanbernabeu/supabase-pentest-skills --skill supabase-audit-tables-read