Supabase MCP can leak your entire SQL database
Here's yet another example of a lethal trifecta attack, where an LLM system combines access to private data, exposure to potentially malicious instructions and a mechanism to communicate data back out to an attacker.
In this case, General Analysis identify all three components in a single MCP - the Supabase MCP.
They imagine a scenario where a developer asks Cursor, running the Supabase MCP, to "use cursor’s agent to list the latest support ti...
Read more at simonwillison.net