The Agent Skills Directory

COMMAND_EXECUTION (HIGH): The bash script scripts/preview-migration.sh directly interpolates the first command-line argument ($1) into a shell command (npx prisma) and a file path glob (cat). This allows an attacker to execute arbitrary system commands or perform path traversal by providing a crafted migration name containing shell metacharacters (e.g., semicolons, backticks, or path sequences).
REMOTE_CODE_EXECUTION (MEDIUM): The test suite tests/migrations/split-name.test.ts utilizes child_process.execSync to run CLI commands. While common in development tools, this pattern provides a vector for system-level execution that could be exploited if migration names or environment variables are sourced from untrusted inputs.
INDIRECT_PROMPT_INJECTION (HIGH): The skill is designed to ingest untrusted data (database records and schema definitions) and possesses high-privilege capabilities including shell command execution and raw SQL modification. 1. Ingestion points: Reads schema.prisma and database content (e.g., names, emails). 2. Boundary markers: Absent; the skill does not use delimiters to isolate external data from instructions. 3. Capability inventory: execSync in shell/TypeScript and prisma.$executeRaw for direct DB manipulation. 4. Sanitization: No validation or escaping is applied to the migration name argument in the preview script or the raw SQL interpolation in tests.

prisma-migration-assistant