drizzle-migration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes local `bun run` commands to perform database schema generation and migrations. These actions are appropriate for the tool's primary purpose.
- [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface (Category 8) as it ingests local schema files to determine agent actions.
  - Ingestion points: TypeScript schema files in `packages/asset-forge/server/db/schema/`.
  - Boundary markers: Absent; the skill relies on the agent interpreting the schema directly.
  - Capability inventory: Includes the ability to execute bash commands, read files, and edit files.
  - Sanitization: Absent; the skill assumes schema files are trusted project code.
- [DATA_EXPOSURE] (LOW): The skill refers to `http://test-db-studio:4983` for Drizzle Studio, which is a non-standard domain outside the whitelisted localhost/127.0.0.1 range.
Audit Metadata