pocketbase-api-add-field
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure & Exfiltration (SAFE): The skill uses clearly labeled placeholder values for administrative credentials in its examples and documentation.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references the official 'pocketbase' package from the npm registry. No suspicious remote code execution or untrusted source patterns were found.
- Indirect Prompt Injection (SAFE): While the provided scripts process external inputs such as collection names, the risk of injection is mitigated by hardcoded field definitions in examples and explicit regex validation for field names.
  - Ingestion points: The collection name is ingested via 'process.argv[2]' in 'examples/basic-field-addition.js'.
  - Boundary markers: Not applicable for this script-based implementation.
  - Capability inventory: The script uses 'pb.collections.update' to modify the database schema.
  - Sanitization: The 'validateNewFields' function implements regular expression validation to ensure field names follow a safe alphanumeric format.
Audit Metadata