query-service
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill handles untrusted search and pagination parameters from the user. Evidence: 1. Ingestion points: searchParams in Next.js Server Components. 2. Boundary markers: Not used, relying on Prisma's internal query parameterization. 3. Capability inventory: Database SELECT and COUNT operations via @prisma/client. 4. Sanitization: The skill enforces strict whitelisting for sorting keys and uses Math.max/min for pagination boundary safety.
- Dynamic Execution (SAFE): Dynamic object property access is used for generating 'orderBy' clauses; however, the skill explicitly requires these keys to be whitelisted and validated against known safe values.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill depends on the standard '@prisma/client' package and does not contain any patterns for downloading or executing remote code or scripts.
Audit Metadata