prisma-postgres

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the use of 'npx create-db@latest' and 'npx prisma studio'. These commands fetch and execute the latest packages from the npm registry. Since 'prisma' is not in the Trusted External Sources list, this is considered an unverifiable remote download.
  • [COMMAND_EXECUTION] (HIGH): The core functionality relies on the agent executing shell commands such as npx, npm, and bun. This provides a direct path for remote code execution if the agent is influenced by malicious input.
  • [CREDENTIALS_UNSAFE] (MEDIUM): The 'create-db-cli.md' file promotes the '--env .env' flag to write 'DATABASE_URL' and 'CLAIM_URL' to the local filesystem. This exposes sensitive database credentials to any process or agent with file read access.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill possesses a high-risk attack surface as it ingests untrusted data from the Prisma Management API and external CLI outputs, then uses that data in write/execute operations.
      • Ingestion points: Prisma Management API (api.prisma.io/v1).
      • Boundary markers: Absent; no instructions to ignore embedded commands in API responses.
      • Capability inventory: File modification (--env), package installation (npm install), and shell execution (npx).
      • Sanitization: Absent; no validation for region strings or project names before command interpolation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 09:48 PM