General Analysis
@gen_analysis
Automated AI Safety and Red Teaming Tools — Backed by @ycombinator
🧨 Caution: Cursor + Supabase MCP will leak your private SQL tables — it’s only a matter of time. In our latest test, a simple user message was enough to make Cursor leak integration_tokens to the attacker who submitted it. Here’s the anatomy of the breach 🧵 (1/6)

.@gen_analysis' MCP Guard is the first runtime firewall designed to secure every MCP tool call against prompt injection attacks. It's a free, open-source tool designed to validate, restrict, and log every MCP tool call. MCP Guard sits between your agents and MCP servers,…
We are releasing a free MCP guard soon! Stay tuned.
hear ye a story as old as time
Yeah ai app sec is going to continue to be a big deal
Wrote this up in a little more detail on my blog. I think @supabase should directly mention the risk of lethal trifecta/prompt injection attacks in their MCP documentation simonwillison.net/2025/Jul/6/sup…
Founder of General Analysis here. For what it’s worth, I have said multiple times that I do not think this is Supabase’s fault. Your server was behaving exactly as it was supposed to. Technically speaking, the Supabase server has no way of knowing which tool calls are legitimate…
Here's another proof of concept example of a lethal trifecta attack: if you combine the Supabase MCP with another MCP that provides exposure to untrusted tokens and a way to send data back out again - in this case a support ticket system - attackers can steal your Supabase data
The attacker begins by opening a new support ticket and submitting a carefully crafted message. The body of the message includes both a friendly question and a very explicit instruction block addressed directly to the Cursor agent. It is important to note that the support agent…