# @prisma/compute-sdk@0.28.0 — Threat Briefing

Critical risk — threat briefing for npm package @prisma/compute-sdk@0.28.0. Capabilities, risk paths, and what to check.

- **Ecosystem:** npm
- **Latest version:** 0.28.0
- **License:** Apache-2.0

## Risk

- **Level:** critical
- **Summary:** Install hook + shell exec + network — dropper shape (scopes may be install or runtime; install hook can transitively reach runtime caps via the postinstall entrypoint)

## Capability Summary

| Capability | Level |
|---|---|
| install scripts | Prepack |
| network access | client |
| filesystem | both |
| shell execution | exec |

## Capabilities

### Install Scripts

- Install-time script execution [common]

### Other

- Bulk environment variable access [common]
- Network stdlib call (info-only) [common]
- package.json uses conditional exports (runtime entry point varies) [common]

### Environment

- Environment variable access [common]

### Network

- Network client [common]

### Execution

- Shell execution [unusual]

## Key Signals

- ****
- ****
- ****
- ****

## Maintainer


## Recommended Action

Do not install. Review immediately if already in use.