powersync
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the PowerSync CLI for operations such as initializing instances, deploying configurations, and generating schemas. These are standard management commands for the documented service and are used with explicit guidance to confirm target instances.
- [CREDENTIALS_UNSAFE]: While the skill involves managing database credentials and authentication secrets, it consistently follows best practices by instructing the agent to write these sensitive values to
.envfiles and use environment variable substitution (!env) in configuration files. Documentation and code examples use placeholders or standard development examples. - [PROMPT_INJECTION]: The skill uses strong instructional framing (e.g., "non-negotiable", "mandatory compliance") to ensure the AI agent follows a specific, complex setup sequence for database replication. These are functional instructions aimed at preventing integration errors rather than attempts to bypass AI safety filters or exfiltrate data.
- [EXTERNAL_DOWNLOADS]: The skill references several official packages from the
@powersync/*and@journeyapps/*namespaces on NPM and other registries. These are legitimate vendor dependencies required for the sync engine's functionality.
Audit Metadata