prisma-compute

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes extensive use of npx and bunx to execute official Prisma packages like @prisma/cli@latest and create-prisma@latest. These are legitimate vendor resources used for their intended purpose in project scaffolding and deployment.
  • [COMMAND_EXECUTION]: The helper script scripts/verify-compute-surface.mjs uses node:child_process's spawn to run CLI help commands (e.g., npx @prisma/cli@latest app --help). This is used to dynamically detect available features in the local environment and is considered safe behavior for a development tool.
  • [DATA_EXFILTRATION]: The skill includes scripts/smoke-deployed-app.mjs, which uses the fetch API to perform health checks on deployed application URLs. By default, the script's isLoopbackHost safety check blocks requests to loopback/localhost addresses, reducing the risk of internal network scanning.
  • [CREDENTIALS_UNSAFE]: The documentation mentions authentication tokens such as PRISMA_SERVICE_TOKEN and PRISMA_API_TOKEN. However, the skill explicitly instructs the agent to avoid printing or leaking these secrets (env-do-not-leak-secrets) and suggests using sed to redact values when inspecting .env files.
  • [PROMPT_INJECTION]: A static analysis hint flagged 'PI_CONCEALMENT'. This refers to the instructions to use the --no-interactive and --json flags with CLI commands. In the context of this skill, these flags are standard practice for ensuring machine-readable output for the AI agent and do not constitute a malicious attempt to hide actions from the user.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 18, 2026, 06:56 PM