electric-new-feature
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill provides architectural patterns for synchronizing data between Postgres and a web application.
- [COMMAND_EXECUTION]: Provides standard Docker Compose and SQL commands for setting up a local development environment. These commands are routine for the described functionality.
- [EXTERNAL_DOWNLOADS]: References official Docker images (postgres:17-alpine, electricsql/electric:latest) and standard Node.js libraries from the vendor's own organization. These resources are from trusted and well-known sources.
- [DATA_EXPOSURE]: Includes a server-side proxy example that safely injects environment variables (ELECTRIC_SECRET) into requests destined for the sync service, preventing secret leakage to the client-side.
- [INDIRECT_PROMPT_INJECTION]: The skill implements data ingestion via database synchronization, but mitigates risk through the use of Zod schema validation for all incoming data.
Audit Metadata