powersync
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions for the agent to help users set up PowerSync Cloud and self-hosted instances. It explicitly instructs the agent to persist credentials, URLs, and keys to a project's
.envfile, which is a standard and recommended practice for secure secret management in development environments. - [SAFE]: The skill directs the installation of official PowerSync packages and related peer dependencies (such as
@powersync/web,@powersync/react-native, andbetter-sqlite3) from established, well-known package registries including NPM, Pub.dev, NuGet, and Maven Central. - [SAFE]: The documentation contains proactive security warnings, such as advising against the use of weak placeholder passwords in production and providing guidance on secure logical replication setup in PostgreSQL and MongoDB.
- [SAFE]: The skill mentions the use of the PowerSync CLI for various operations. The CLI behavior, such as overwriting local configuration files during a
pulloperation, is documented as a warning to the user, ensuring transparency and preventing accidental data loss.
Audit Metadata