prisma-next-supabase

Pass

Audited by Gen Agent Trust Hub on Jul 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: All referenced packages belong to the @prisma-next ecosystem, which is consistent with the identified vendor 'prisma'. This includes adapters, drivers, and extension packs for Supabase.
  • [SAFE]: The skill demonstrates safe secret management by instructing users to store sensitive credentials like DATABASE_URL and SUPABASE_JWT_SECRET in environment variables rather than hardcoding them.
  • [COMMAND_EXECUTION]: The skill includes SQL GRANT statements for manual execution in a database console. These are standard administrative actions required to set up the necessary permissions for the described Supabase roles and do not represent a security risk within the skill itself.
  • [PROMPT_INJECTION]: As the skill involves processing data from external sources such as JWT claims and database contracts, it possesses an inherent surface for indirect prompt injection. However, the use of structured validation (via jose for JWTs) and clear boundaries between user-controlled and system-controlled contract spaces mitigates this risk. (Internal Severity: LOW)
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 18, 2026, 07:00 AM
Security Audit — agent-trust-hub — prisma-next-supabase