hyperdrive
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard packages from npm (postgres, pg, vitest) and Docker Hub (postgres:16). These are considered trusted sources for the intended development use case.
- [CREDENTIALS_UNSAFE] (SAFE): While connection strings are shown in examples, they use generic placeholders. The documentation explicitly advises users to store credentials in environment variables and avoid committing them to version control.
- [PROMPT_INJECTION] (LOW): Assessment for indirect injection: 1. Ingestion points: env.HYPERDRIVE.connectionString (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Database query execution. 4. Sanitization: The use of the postgres.js library with tagged template literals ensures that queries are parameterized, preventing SQL injection.
Audit Metadata