prisma-next-supabase
Pass
Audited by Gen Agent Trust Hub on Jul 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: All referenced packages belong to the
@prisma-nextecosystem, which is consistent with the identified vendor 'prisma'. This includes adapters, drivers, and extension packs for Supabase. - [SAFE]: The skill demonstrates safe secret management by instructing users to store sensitive credentials like
DATABASE_URLandSUPABASE_JWT_SECRETin environment variables rather than hardcoding them. - [COMMAND_EXECUTION]: The skill includes SQL
GRANTstatements for manual execution in a database console. These are standard administrative actions required to set up the necessary permissions for the described Supabase roles and do not represent a security risk within the skill itself. - [PROMPT_INJECTION]: As the skill involves processing data from external sources such as JWT claims and database contracts, it possesses an inherent surface for indirect prompt injection. However, the use of structured validation (via
josefor JWTs) and clear boundaries between user-controlled and system-controlled contract spaces mitigates this risk. (Internal Severity: LOW)
Audit Metadata