This is a critical security check that scans your client-side code for exposed PostgreSQL connection strings, which is a P0 vulnerability if found. It looks for full database URLs, leaked environment variables, and partial credential exposure in JavaScript bundles. If it finds a connection string with a password in your client code, anyone can bypass your API and Row Level Security and connect directly to your database. The skill progressively logs findings to context files as it runs and gives you immediate remediation steps, starting with resetting your database password. Run this as part of any Supabase security audit or before production deployments.
npx skills add https://github.com/yoanbernabeu/supabase-pentest-skills --skill supabase-extract-db-string
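
The detection described above can be run against your own build output with a few lines of Node. This is an added example, not the skill's own code: it flags PostgreSQL URLs and env-style names in bundle text and redacts any password before reporting. The regexes, the env-name list, the finding fields, the "review" severity label and the sample bundle are assumptions constructed for illustration.

```javascript
// Added example: find PostgreSQL connection strings in client bundle text.
// Patterns, finding fields and sample input are assumptions for illustration,
// not taken from the supabase-extract-db-string skill.

// postgres:// or postgresql://user[:password]@host[:port][/database]
const PG_URL = /\bpostgres(?:ql)?:\/\/([^\s:@\/'"`]+)(?::([^\s@'"`]*))?@([^\s:\/'"`?]+)(?::(\d+))?(?:\/([^\s'"`?]*))?/g;
// Env-style names that commonly hold a connection string (assumed list).
const ENV_NAME = /\b(?:NEXT_PUBLIC_|VITE_|REACT_APP_)?(?:DATABASE_URL|POSTGRES_URL|POSTGRES_PASSWORD|DB_PASSWORD)\b/g;

function scanBundle(text, file = "<inline>") {
  const findings = [];
  for (const m of text.matchAll(PG_URL)) {
    const [, user, password, host, port, database] = m;
    const hasPassword = Boolean(password);
    findings.push({
      file,
      offset: m.index,
      // A URL carrying a password is the P0 case; anything else needs review.
      type: hasPassword ? "full_connection_string" : "partial_connection_string",
      severity: hasPassword ? "P0" : "review",
      user,
      host,
      port: port || null,
      database: database || null,
      // Never copy the secret into a report: record only its length.
      redacted: `postgresql://${user}${hasPassword ? `:[REDACTED:${password.length}]` : ""}@${host}`,
    });
  }
  for (const m of text.matchAll(ENV_NAME)) {
    findings.push({ file, offset: m.index, type: "env_name_reference", severity: "review", name: m[0] });
  }
  return findings.sort((a, b) => a.offset - b.offset);
}

// Constructed sample bundle: hostnames and credentials are made up.
const SAMPLE_BUNDLE = [
  'const a="https://exampleproject.supabase.co";',
  'const b="postgresql://postgres:Ex4mple-Passw0rd@db.exampleproject.supabase.co:5432/postgres";',
  'const c=process.env.NEXT_PUBLIC_DATABASE_URL;',
  'const d="postgres://readonly@db.exampleproject.supabase.co/postgres";',
].join("\n");

console.log(JSON.stringify(scanBundle(SAMPLE_BUNDLE, "main.js"), null, 2));
```

A P0 finding from a scan like this means the password is already public, so removing the string from the bundle does not replace resetting the database password.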