prisma-next-quickstart

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the user to execute shell commands such as pnpm dlx prisma-next init, pnpm prisma-next db init, and pnpm prisma-next contract emit. These are standard operational commands for the Prisma Next framework to scaffold projects and manage database schemas.
  • [EXTERNAL_DOWNLOADS]: The skill guides the user to download and run the Prisma Next CLI tool using pnpm dlx, which fetches the package from the npm registry. This is a routine package management operation for Node.js environments.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by reading user-provided project files to orient the agent to the current project state.
  • Ingestion points: Reads project files including prisma-next.config.ts, contract.prisma, src/prisma/db.ts, and .env to identify the database target and contract structure.
  • Boundary markers: The instructions do not specify the use of boundary markers or delimiters when the agent reads these external files.
  • Capability inventory: The skill has access to shell execution via commands like prisma-next db init and contract emit to interact with the database and filesystem.
  • Sanitization: There is no explicit requirement for the agent to sanitize or validate the content of the project files (such as the Prisma Schema Language content) before processing them for orientation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 25, 2026, 08:44 PM
Security Audit — agent-trust-hub — prisma-next-quickstart