database-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to bypass safety filters or override system-level instructions.
- Data Exposure & Exfiltration (SAFE): No hardcoded secrets or sensitive file paths detected. The skill specifically instructs the user to filter by
shopIdto prevent multi-tenant data leaks, which is a defensive security measure. - Obfuscation (SAFE): The content is entirely human-readable Markdown and code. No hidden characters, Base64 encoding, or homoglyphs are present.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill mentions
npx prismacommands for migrations, which is standard tooling for the stated purpose. No untrusted remote scripts or shell pipelining were found. - Indirect Prompt Injection (SAFE):
- Ingestion points: The skill describes patterns for reading database records (products, shops) and parsing JSON metadata.
- Boundary markers: The skill recommends using explicit Prisma
whereclauses andselectstatements to define clear data boundaries. - Capability inventory: The skill is granted
Read,Write,Edit,Grep, andGlobtools, which are appropriate for managing database-related code files. - Sanitization: Error handling for common database exceptions is demonstrated, though specific sanitization of untrusted database content for the LLM context is out of scope for this documentation-style skill.
- Persistence Mechanisms (SAFE): No attempts to modify system startup files, cron jobs, or shell profiles were identified.
Audit Metadata