The Agent Skills Directory

Indirect Prompt Injection (HIGH): The skill presents a significant vulnerability surface because it processes untrusted content (database schemas and seed scripts) and possesses high-trust write and execute capabilities.\n
Ingestion points: The agent processes database schema definitions (prisma/schema.prisma) and data scripts (prisma/seed.ts) which can be influenced by external project requirements or attacker-controlled data.\n
Boundary markers: Absent; there are no clear delimiters or instructions telling the agent to ignore commands or logic embedded within the schema or data files it reads.\n
Capability inventory: The skill can execute npm install, npx prisma migrate dev (which executes SQL), and npx prisma db seed (which executes TypeScript via ts-node). It also includes destructive commands like npx prisma migrate reset.\n
Sanitization: Absent; the skill relies on direct execution of the files it manages without validation of the embedded logic.\n- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill installs and executes packages (prisma, ts-node) and scripts (seed.ts) at runtime. While the packages are from a trusted registry (npm), the execution of a locally-defined seed script represents a high-capability execution path.\n- Privilege Escalation (MEDIUM): The skill encourages the use of potentially destructive commands like prisma migrate reset and requires high-privilege database credentials to be stored in the .env file for schema modifications.

supabase-prisma-database-management