neon-drizzle
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes shell commands and script-based execution (e.g., `scripts/generate-schema.ts` calling `child_process.exec`) to perform database migrations and project setup. These operations are limited to standard developer tools like `npx drizzle-kit` and are essential for the skill's core functionality.
- [EXTERNAL_DOWNLOADS] (LOW): The setup guide involves installing several Node.js packages (`drizzle-orm`, `@neondatabase/serverless`, `drizzle-kit`, etc.) from the npm registry. These are well-known libraries from trusted ecosystems required for the skill's purpose.
- [DATA_EXPOSURE] (LOW): The skill handles sensitive database credentials (`DATABASE_URL`). It follows best practices by instructing the agent to store these in environment files (`.env`, `.env.local`) and explicitly reminds the agent to add these files to `.gitignore` to prevent accidental leakage.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill analyzes project files to tailor its setup process.
  1. Ingestion points: Reads `package.json`, `tsconfig.json`, and `.env.local` to detect frameworks and configurations.
  2. Boundary markers: Absent.
  3. Capability inventory: `bash` (command execution), `write` (file modification), `read_file` (file access).
  4. Sanitization: Absent; the skill relies on the agent's interpretation of standard project metadata.
Audit Metadata