prisma-next-quickstart
Pass
Audited by Gen Agent Trust Hub on May 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user to execute shell commands such as
pnpm dlx prisma-next init,pnpm prisma-next db init, andpnpm prisma-next contract emit. These are standard operational commands for the Prisma Next framework to scaffold projects and manage database schemas. - [EXTERNAL_DOWNLOADS]: The skill guides the user to download and run the Prisma Next CLI tool using
pnpm dlx, which fetches the package from the npm registry. This is a routine package management operation for Node.js environments. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by reading user-provided project files to orient the agent to the current project state.
- Ingestion points: Reads project files including
prisma-next.config.ts,contract.prisma,src/prisma/db.ts, and.envto identify the database target and contract structure. - Boundary markers: The instructions do not specify the use of boundary markers or delimiters when the agent reads these external files.
- Capability inventory: The skill has access to shell execution via commands like
prisma-next db initandcontract emitto interact with the database and filesystem. - Sanitization: There is no explicit requirement for the agent to sanitize or validate the content of the project files (such as the Prisma Schema Language content) before processing them for orientation.
Audit Metadata