creating-client-singletons
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the
Bashtool to performgrepandwcoperations. These commands are used solely to audit the user's codebase for multiple PrismaClient instantiations, which is the primary purpose of the skill. No arbitrary or suspicious command execution was found. - [DATA_EXFILTRATION] (SAFE): Although the skill references sensitive configuration files like
.envandDATABASE_URL, it does so to guide the user in setting appropriate connection limits. No network operations or commands to send data externally were detected. - [CREDENTIALS_UNSAFE] (SAFE): References to credentials in the documentation use generic placeholders (e.g.,
postgresql://user:pass@host). No actual secrets or API keys are hardcoded in the skill. - [PROMPT_INJECTION] (SAFE): The skill's instructions are focused on development best practices. There are no attempts to override system prompts, bypass safety filters, or extract system instructions.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill mentions standard Node.js packages (
@prisma/client,jest-mock-extended) and does not attempt to download or execute scripts from untrusted external sources.
Audit Metadata