The supabase-pentest skill orchestrates a full security audit of Supabase apps through six phases: detection, credential extraction, API testing, storage checks, auth analysis, and reporting. It enforces progressive logging to context files as you go, not just at the end, so if something crashes mid-audit you don't lose findings. Across the phases it extracts keys, tests RLS policies, enumerates tables and buckets, then documents everything with curl commands and timestamped evidence. The workflow is rigid by design, with mandatory checkpoints between phases. Use this when you need a structured pentest of your own Supabase project and want the discipline of documented, reproducible steps rather than ad-hoc poking around.
npx skills add https://github.com/yoanbernabeu/supabase-pentest-skills --skill supabase-pentest