crud
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from local files like
schema.prisma,drizzle.config.ts, andpackage.jsonto inform its logic. If these files are maliciously crafted, they could influence the agent's subsequentWriteorBashactions. - Ingestion points: reads configuration and schema files from the local filesystem (Phase 1: Entity Analysis).
- Boundary markers: No specific delimiters or instructions are provided to the agent to disregard natural language instructions found within the data files.
- Capability inventory: Access to
Write,Edit, andBashtools allows for significant system interaction based on processed input. - Sanitization: The skill lacks explicit sanitization or validation of the content read from files before using it in code generation prompts.
- [Command Execution] (SAFE): The skill uses the
Bashtool to run type checks and tests (Phase 4: Verification). This is appropriate for the stated purpose of verifying generated code and does not involve suspicious or obfuscated commands.
Audit Metadata