Prisma Schema Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a focused Prisma schema review aid with disclosed local inspection steps and no evidence of hidden, destructive, or exfiltrating behavior.

Install if you are comfortable with the agent reading your Prisma schema, migrations, and relevant application source files. Review any npx prisma command before allowing it, especially in projects with production DATABASE_URL values or unpinned Prisma tooling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill claims to analyze Prisma schemas, but its documented workflow expands into grepping the entire `src/` tree for Prisma Client usage. That broad codebase scanning can unnecessarily expose unrelated application source, secrets, or sensitive business logic to the agent, violating least-privilege expectations for a schema-focused audit.

Context-Inappropriate Capability

Medium
Confidence: 81%
Finding
Documenting `npx prisma migrate diff` goes beyond passive inspection and invokes a project CLI tool, which can trigger broader environment interaction than a read-only documentation audit. Even if intended for safe analysis, executing local tooling increases attack surface by depending on installed binaries, project configuration, and runtime environment behavior.

VirusTotal

65/65 vendors flagged this skill as clean.
