Drizzle ORM
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill facilitates reading from and writing to external databases, creating a surface for indirect prompt injection if the database contains malicious instructions intended for the AI agent.
- Ingestion points: Data fetched via `db.select()` and `db.query` operations in `references/queries.md` and `templates/db.ts`.
- Boundary markers: Absent; the templates do not include specific delimiters or warnings to prevent the agent from obeying instructions found within database records.
- Capability inventory: Database read/write operations and schema migrations via `drizzle-kit`.
- Sanitization: Drizzle ORM uses parameterized queries by default, protecting against SQL injection, but does not explicitly sanitize fetched data against LLM-level prompt injection.
Audit Metadata