electric-proxy-auth
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the official @electric-sql/client package, which is a trusted library provided by the vendor for interacting with Electric SQL services.
- [PROMPT_INJECTION]: The skill addresses potential indirect injection surfaces at the proxy layer and provides explicit remediation patterns to ensure secure data handling.
  - Ingestion points: Client-provided data enters the system context via search parameters in request.url within the proxy route implementation (SKILL.md).
  - Boundary markers: The implementation includes a strict whitelist of allowed protocol parameters using ELECTRIC_PROTOCOL_QUERY_PARAMS to prevent clients from overriding sensitive configuration.
  - Capability inventory: The code performs network requests using the fetch API to communicate with a backend Electric server.
  - Sanitization: The skill mandates the use of positional parameters ($1, $2) for SQL WHERE clauses and provides logic to filter out untrusted search parameters before forwarding requests to the database layer.
Audit Metadata