stash-drizzle
Integrates CipherStash encryption with Drizzle ORM for secure data handling and querying in applications.
Install this skill
or
88/100
Security score
The stash-drizzle skill was audited on May 26, 2026 and we found 4 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 661
Template literal with variable interpolation in command context
SourceSKILL.md
| 661 | conditions.push(encryptionOps.ilike(usersTable.email, `%${req.query.email}%`)) |
medium line 428
Webhook reference - potential data exfiltration
SourceSKILL.md
| 428 | **The dual-write rule.** Every persistence path that mutates this row writes both columns, in the same transaction, on every code branch. Insert sites, update sites, upserts, ON CONFLICT clauses, seed |
low line 140
Access to .env file
SourceSKILL.md
| 140 | const db = drizzle({ client: postgres(process.env.DATABASE_URL!) }) |
low line 642
Access to .env file
SourceSKILL.md
| 642 | const db = drizzle({ client: postgres(process.env.DATABASE_URL!) }) |
Scanned on May 26, 2026
View Security Dashboard