prisma-schema-helper
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and process untrusted external data (Prisma schemas) while possessing high-privilege tools like Bash and Write. This enables an attack vector where malicious instructions embedded in schemas could be executed by the agent. Ingestion points: Reading external files via the Read and Grep tools. Boundary markers: No delimiters or safety instructions are defined to separate user data from system prompts. Capability inventory: Bash, Write, Edit, Read, and Grep tools are requested. Sanitization: No sanitization, validation, or instruction filtering logic is specified.
- Privilege Escalation (HIGH): The skill explicitly requests the Bash tool, which provides high-level access to the host environment. For a task limited to schema assistance, this level of permission is excessive and increases the potential impact of an exploit.
- No Code (INFO): The skill consists entirely of markdown metadata and instructions; no executable scripts, configuration files, or dependency manifests are provided within the skill package.
Recommendations
- AI detected serious security threats
Audit Metadata