prisma-gen
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill prompts the user to execute `npx ai-prisma-gen`, which downloads the `ai-prisma-gen` package from the public npm registry at runtime.
- [REMOTE_CODE_EXECUTION]: The use of `npx` to run a package from an unverified third-party source constitutes remote code execution, as the package code is fetched and executed directly in the user's environment.
- [COMMAND_EXECUTION]: The skill's primary functionality relies on executing shell commands (`npx ai-prisma-gen ...`) which could be manipulated if input is not properly sanitized.
- [CREDENTIALS_UNSAFE]: The skill explicitly requires the `OPENAI_API_KEY` environment variable to be set. While standard for AI-based tools, this sensitive credential is exposed to the environment where the unverified `ai-prisma-gen` package is executed.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by taking natural language descriptions and passing them to an LLM to generate code (Prisma schemas).
  - Ingestion points: User-provided English descriptions passed as arguments to the CLI tool.
  - Boundary markers: None identified in the skill instructions.
  - Capability inventory: Execution of shell commands via `npx` and network access (to OpenAI API).
  - Sanitization: No evidence of input sanitization or validation of the natural language description before it is processed.
Audit Metadata