database-design
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [GENERAL] (SAFE): The skill is primarily instructional documentation supported by a utility script (schema_validator.py) designed to identify best practice violations in database schemas.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote code patterns, external downloads, or runtime execution of untrusted code were identified. The schema_validator.py script uses only standard Python libraries.
- [DATA_EXFILTRATION] (SAFE): The script performs local file reads within the project directory to find schema files but does not include any network-capable code (e.g., requests, socket, urllib).
- [PROMPT_INJECTION] (SAFE): The markdown instructions are focused on database design theory and do not contain hidden instructions or attempts to override the agent's system prompt or safety guidelines.
- [INDIRECT_PROMPT_INJECTION] (LOW): The script reads external data (Prisma/Drizzle schema files). While it lacks explicit sanitization, it uses regular expressions to extract structured model information and outputs findings in a structured JSON/text format. It has no capabilities to execute side effects based on the content of those files.
- [PERSISTENCE] (SAFE): No attempts to modify shell profiles, scheduled tasks, or startup services were found.