drizzle-orm-d1
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill defines several workflows that involve executing local development commands such as
npx drizzle-kitandnpx wrangler. These are standard tools required for the stated purpose of managing Drizzle migrations and Cloudflare D1 databases. The commands are scoped to the project directory and are part of the intended developer workflow. - [DATA_EXPOSURE] (SAFE): The configuration templates (e.g.,
drizzle.config.ts) useprocess.envfor sensitive Cloudflare credentials. The documentation explicitly warns users against hardcoding secrets or committing.envfiles to version control, which aligns with security best practices. - [PROMPT_INJECTION] (SAFE): No evidence of prompt injection patterns. The instructions focus on database migration logic and guiding the user through a safe workflow.
- [INDIRECT_PROMPT_INJECTION] (LOW): The agent reads local schema and SQL files. While these files are technically external input, the skill includes a safety step in
commands/migrate.mdthat scans for destructive SQL patterns (e.g.,DROP,TRUNCATE) and requires explicit user confirmation before proceeding. This effectively mitigates risks associated with processing malicious or accidental destructive instructions in data files.
Audit Metadata