drizzle-orm
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No override markers or jailbreak attempts were found. The instruction logic focuses entirely on domain-specific guidance for Drizzle ORM.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets or sensitive file paths were detected. The patterns correctly use environment variables for sensitive database credentials.
- [Unverifiable Dependencies] (LOW): The skill references standard industry packages (drizzle-orm, drizzle-kit). These are well-known and expected for this domain.
- [Indirect Prompt Injection] (LOW): The skill possesses an ingestion surface via user-provided schemas and queries for review. However, it lacks high-privilege capabilities (network send, file system write) to exploit this surface. It includes explicit validation rules (references/validations.md) to mitigate risks in the code it processes.
- [SQL Injection Protection] (SAFE): The skill actively guards against SQL injection by providing specific education on parameterized queries and regex-based validation rules to detect unsafe string interpolation in SQL templates.
Audit Metadata