postgres-drizzle
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references standard, well-established development tools like drizzle-kit and drizzle-orm. All shell commands and library references are consistent with legitimate database development workflows.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive data access patterns were found. The skill correctly demonstrates the use of environment variables for database connection strings.
- [Prompt Injection] (SAFE): The skill content is purely instructional and contains no attempts to override agent behavior, bypass safety filters, or extract system prompts.
- [Dynamic Execution] (SAFE): While the skill discusses migration generation, it does so within the context of established developer tools (drizzle-kit) rather than through unsafe runtime code generation or deserialization.
Audit Metadata