Trust Assessment
prisma-gen received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Unpinned npm dependency version", "Potential System Prompt Exfiltration via User Input", and "Caret dependencies in package.json".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential System Prompt Exfiltration via User Input.** The skill directly passes user-provided input (the `<description>` argument) to the OpenAI API as a `user` message without any sanitization or validation. A malicious user could craft a prompt injection to manipulate the `gpt-4o-mini` model into revealing its system prompt or other internal instructions, which constitutes data exfiltration of the skill's operational details and intellectual property. Implement robust input validation and sanitization for the `description` argument. Consider using techniques like prompt templating, output parsing, or a separate moderation API to filter malicious inputs or outputs. Design the system prompt to be resilient against common injection techniques and avoid embedding sensitive information. | LLM | src/index.ts:10 |
| MEDIUM | **Unpinned npm dependency version.** Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lxgicstudios/prisma-schema-gen/package.json |
| INFO | **Caret dependencies in package.json.** The `package.json` file specifies direct dependencies using caret (`^`) ranges (e.g., `"commander": "^12.1.0"`). While `package-lock.json` pins exact versions for reproducible builds, relying solely on `package-lock.json` can introduce risks if the build environment does not strictly adhere to it or if `package.json` is used in isolation. This could lead to unexpected dependency updates that might introduce vulnerabilities or breaking changes. Pin direct dependencies to exact versions in `package.json` (e.g., `"commander": "12.1.0"`) to ensure deterministic dependency resolution across all environments and reduce the risk of unexpected updates. | LLM | package.json:10 |