prisma-client-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill provides static documentation and code samples for the Prisma ORM. No malicious code, obfuscation, or persistence mechanisms were found.
- [DATA_EXPOSURE] (SAFE): Code examples use `process.env.DATABASE_URL` for database connections, which aligns with security best practices for managing sensitive credentials.
- [COMMAND_EXECUTION] (SAFE): The documentation for raw SQL queries (`$queryRawUnsafe`, `$executeRawUnsafe`) in `references/raw-queries.md` explicitly labels vulnerable patterns as unsafe and provides secure, parameterized alternatives. This educational approach reduces the risk of accidentally introducing SQL injection vulnerabilities.
- [PROMPT_INJECTION] (SAFE): No instructions were found that attempt to override agent constraints or safety filters.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill reacts to user-provided data (queries about Prisma models), the evidence chain confirms its safety:
- Ingestion points: User queries containing Prisma keywords (e.g., `findMany`, `create`).
- Boundary markers: None present.
- Capability inventory: The skill has no capabilities to execute shell commands, perform network requests, or modify the file system.
- Sanitization: Not applicable as the skill only provides static documentation.
Audit Metadata