bi-builder
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development commands to initialize the project environment, including package management (`npm install`) and database schema synchronization (`npx prisma db pull`, `npx prisma generate`). These operations are restricted to the local development environment and are necessary for the skill's stated purpose of building BI dashboards.
- [EXTERNAL_DOWNLOADS]: The skill installs several well-known libraries from the official NPM registry, such as Prisma, Recharts, and TanStack Table. These are standard industry dependencies for Next.js applications and present no unusual risk.
- [SAFE]: Data security is prioritized by instructing users to use read-only database accounts and providing templates for `.env` files with placeholders rather than requesting direct credential input.
- [SAFE]: Database interaction logic in the provided reference materials (e.g., `data-layer.md`) uses Prisma's tagged template literals for raw SQL queries (`prisma.$queryRaw`), which provides built-in protection against SQL injection by automatically parameterizing inputs.
Audit Metadata