schema-architect

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill uses clear, instructional language to guide the AI in schema design. There are no attempts to override safety filters, bypass instructions, or extract system prompts. Phrases such as 'Core assumption' and 'Required Outputs' are used appropriately for defining the skill's logic.
  • [DATA_EXFILTRATION]: No network operations or commands to transmit data to external servers were found. The skill specifies writing output to a local directory (docs/database-report/), which is standard for documentation tasks. No access to sensitive system files or environment variables is requested.
  • [REMOTE_CODE_EXECUTION]: The skill does not download or execute external scripts. It generates SQL DDL code, which is treated as text data for the user's report rather than code executed by the agent itself.
  • [COMMAND_EXECUTION]: There are no shell commands, subprocess spawns, or privilege escalation attempts (sudo, chmod). The skill's operations are confined to text analysis and file generation.
  • [OBFUSCATION]: The content is written in clear markdown and YAML. No hidden characters, Base64-encoded commands, or homoglyph-based evasions were detected.
  • [INDIRECT_PROMPT_INJECTION]:
    • Ingestion points: The skill processes user-provided business requirements and existing schema files (e.g., schema.prisma).
    • Boundary markers: None explicitly defined in the prompt templates.
    • Capability inventory: File writing to docs/database-report/ and SQL generation.
    • Sanitization: No explicit sanitization of input requirements is mentioned, but the output is restricted to structured DDL and reports, minimizing the risk of autonomous malicious actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 09:19 AM