Skills
skills/pproenca/dot-skills/drizzle-sqlite-scaffold/Gen Agent Trust Hub

drizzle-sqlite-scaffold

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands to install NPM dependencies and run Drizzle CLI tools (drizzle-kit generate and drizzle-kit migrate) for database management.\n- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading legitimate, well-known libraries from the NPM registry, such as drizzle-orm, better-sqlite3, and @libsql/client.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by incorporating user-provided parameters directly into file paths and generated code templates.\n
  • Ingestion points: User input for table and entity names (name, table_name) collected through the AskUserQuestion tool.\n
  • Boundary markers: None specified; the instructions do not include delimiters or instructions to treat user input as untrusted data strings.\n
  • Capability inventory: The skill performs file system writes (creating .ts files in user-specified directories) and executes shell commands.\n
  • Sanitization: Not present; there are no explicit instructions for the agent to validate or sanitize user-provided strings before using them to define file locations or code identifiers.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 09:39 PM