Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

prisma/prisma-client-api-raw-queries

Name: prisma-client-api-raw-queries
Author: prisma

skills/prisma-client-api-raw-queries/SKILL.md

npx skillsauth add prisma/cursor-plugin prisma-client-api-raw-queries

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Error

VirusTotalMulti-engine malware detection

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Raw Queries

Execute raw SQL when Prisma's query API isn't sufficient.

$queryRaw

Execute SELECT queries and get typed results:

const users = await prisma.$queryRaw`
  SELECT * FROM "User" WHERE email LIKE ${'%@prisma.io'}
`

With type

type User = { id: number; email: string; name: string | null }

const users = await prisma.$queryRaw<User[]>`
  SELECT id, email, name FROM "User" WHERE role = ${'ADMIN'}
`

Dynamic table/column names

Use Prisma.raw() for identifiers (not safe for user input):

import { Prisma } from '../generated/client'

const column = 'email'
const users = await prisma.$queryRaw`
  SELECT ${Prisma.raw(column)} FROM "User"
`

With Prisma.sql

Build queries dynamically:

import { Prisma } from '../generated/client'

const email = '[email protected]'
const query = Prisma.sql`SELECT * FROM "User" WHERE email = ${email}`
const users = await prisma.$queryRaw(query)

Join multiple SQL fragments

import { Prisma } from '../generated/client'

const conditions = [
  Prisma.sql`role = ${'ADMIN'}`,
  Prisma.sql`verified = ${true}`
]

const users = await prisma.$queryRaw`
  SELECT * FROM "User" 
  WHERE ${Prisma.join(conditions, ' AND ')}
`

$executeRaw

Execute INSERT, UPDATE, DELETE (returns affected count):

const count = await prisma.$executeRaw`
  UPDATE "User" SET verified = true WHERE email LIKE ${'%@prisma.io'}
`
console.log(`Updated ${count} users`)

Delete example

const deleted = await prisma.$executeRaw`
  DELETE FROM "User" WHERE "deletedAt" < ${thirtyDaysAgo}
`

Insert example

const inserted = await prisma.$executeRaw`
  INSERT INTO "Log" (message, level, timestamp)
  VALUES (${message}, ${level}, ${new Date()})
`

$queryRawUnsafe / $executeRawUnsafe

For fully dynamic queries (use with caution!):

// ⚠️ SQL injection risk - only use with trusted input
const table = 'User'
const users = await prisma.$queryRawUnsafe(
  `SELECT * FROM "${table}" WHERE id = $1`,
  userId
)

Parameterized unsafe query

const result = await prisma.$executeRawUnsafe(
  'UPDATE "User" SET name = $1 WHERE id = $2',
  'Alice',
  1
)

SQL Injection Prevention

Safe (parameterized)

// ✅ User input is parameterized
const email = userInput
const users = await prisma.$queryRaw`
  SELECT * FROM "User" WHERE email = ${email}
`

Unsafe (concatenation)

// ❌ SQL injection vulnerability!
const email = userInput
const users = await prisma.$queryRawUnsafe(
  `SELECT * FROM "User" WHERE email = '${email}'`
)

Database-Specific Features

PostgreSQL

// Array operations
const users = await prisma.$queryRaw`
  SELECT * FROM "User" WHERE 'admin' = ANY(roles)
`

// JSON operations
const users = await prisma.$queryRaw`
  SELECT * FROM "User" WHERE metadata->>'theme' = 'dark'
`

MySQL

// Full-text search
const posts = await prisma.$queryRaw`
  SELECT * FROM Post WHERE MATCH(title, content) AGAINST(${searchTerm})
`

Transactions with Raw Queries

await prisma.$transaction(async (tx) => {
  await tx.$executeRaw`UPDATE "Account" SET balance = balance - ${amount} WHERE id = ${senderId}`
  await tx.$executeRaw`UPDATE "Account" SET balance = balance + ${amount} WHERE id = ${recipientId}`
})

Handling Results

BigInt handling

PostgreSQL returns BigInt for COUNT:

const result = await prisma.$queryRaw<[{ count: bigint }]>`
  SELECT COUNT(*) as count FROM "User"
`
const count = Number(result[0].count)

Date handling

type Result = { createdAt: Date }
const users = await prisma.$queryRaw<Result[]>`
  SELECT "createdAt" FROM "User"
`
// createdAt is already a Date object

prisma/prisma-client-api-raw-queries

skills/prisma-client-api-raw-queries/SKILL.md

Raw Queries. Reference when using this Prisma feature.

4 stars

tools

Updated Mar 20, 2026

$ install --global

skillsauth

npx skillsauth add prisma/cursor-plugin prisma-client-api-raw-queries

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Error

VirusTotalMulti-engine malware detection

70%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Mar 20, 2026, 10:44 PM236.6s2 files scanned

SKILL.md

name:: prisma-client-api-raw-queries
description:: Raw Queries. Reference when using this Prisma feature.
license:: MIT
author:: prisma
version:: 7.0.0

Raw Queries

Execute raw SQL when Prisma's query API isn't sufficient.

$queryRaw

Execute SELECT queries and get typed results:

const users = await prisma.$queryRaw`
  SELECT * FROM "User" WHERE email LIKE ${'%@prisma.io'}
`

With type

type User = { id: number; email: string; name: string | null }

const users = await prisma.$queryRaw<User[]>`
  SELECT id, email, name FROM "User" WHERE role = ${'ADMIN'}
`

Dynamic table/column names

Use Prisma.raw() for identifiers (not safe for user input):

import { Prisma } from '../generated/client'

const column = 'email'
const users = await prisma.$queryRaw`
  SELECT ${Prisma.raw(column)} FROM "User"
`

With Prisma.sql

Build queries dynamically:

import { Prisma } from '../generated/client'

const email = '[email protected]'
const query = Prisma.sql`SELECT * FROM "User" WHERE email = ${email}`
const users = await prisma.$queryRaw(query)

Join multiple SQL fragments

import { Prisma } from '../generated/client'

const conditions = [
  Prisma.sql`role = ${'ADMIN'}`,
  Prisma.sql`verified = ${true}`
]

const users = await prisma.$queryRaw`
  SELECT * FROM "User" 
  WHERE ${Prisma.join(conditions, ' AND ')}
`

$executeRaw

Execute INSERT, UPDATE, DELETE (returns affected count):

const count = await prisma.$executeRaw`
  UPDATE "User" SET verified = true WHERE email LIKE ${'%@prisma.io'}
`
console.log(`Updated ${count} users`)

Delete example

const deleted = await prisma.$executeRaw`
  DELETE FROM "User" WHERE "deletedAt" < ${thirtyDaysAgo}
`

Insert example

const inserted = await prisma.$executeRaw`
  INSERT INTO "Log" (message, level, timestamp)
  VALUES (${message}, ${level}, ${new Date()})
`

$queryRawUnsafe / $executeRawUnsafe

For fully dynamic queries (use with caution!):

// ⚠️ SQL injection risk - only use with trusted input
const table = 'User'
const users = await prisma.$queryRawUnsafe(
  `SELECT * FROM "${table}" WHERE id = $1`,
  userId
)

Parameterized unsafe query

const result = await prisma.$executeRawUnsafe(
  'UPDATE "User" SET name = $1 WHERE id = $2',
  'Alice',
  1
)

SQL Injection Prevention

Safe (parameterized)

// ✅ User input is parameterized
const email = userInput
const users = await prisma.$queryRaw`
  SELECT * FROM "User" WHERE email = ${email}
`

Unsafe (concatenation)

// ❌ SQL injection vulnerability!
const email = userInput
const users = await prisma.$queryRawUnsafe(
  `SELECT * FROM "User" WHERE email = '${email}'`
)

Database-Specific Features

PostgreSQL

// Array operations
const users = await prisma.$queryRaw`
  SELECT * FROM "User" WHERE 'admin' = ANY(roles)
`

// JSON operations
const users = await prisma.$queryRaw`
  SELECT * FROM "User" WHERE metadata->>'theme' = 'dark'
`

MySQL

// Full-text search
const posts = await prisma.$queryRaw`
  SELECT * FROM Post WHERE MATCH(title, content) AGAINST(${searchTerm})
`

Transactions with Raw Queries

await prisma.$transaction(async (tx) => {
  await tx.$executeRaw`UPDATE "Account" SET balance = balance - ${amount} WHERE id = ${senderId}`
  await tx.$executeRaw`UPDATE "Account" SET balance = balance + ${amount} WHERE id = ${recipientId}`
})

Handling Results

BigInt handling

PostgreSQL returns BigInt for COUNT:

const result = await prisma.$queryRaw<[{ count: bigint }]>`
  SELECT COUNT(*) as count FROM "User"
`
const count = Number(result[0].count)

Date handling

type Result = { createdAt: Date }
const users = await prisma.$queryRaw<Result[]>`
  SELECT "createdAt" FROM "User"
`
// createdAt is already a Date object

Related Skills

prisma/prisma-upgrade-v7-schema-changes

databases

VerifiedTrustedOfficial

Schema Changes. Reference when using this Prisma feature.

4SKILL.mdUpdated Mar 20, 2026

prisma/prisma-upgrade-v7-schema-changes

prisma/prisma-upgrade-v7-removed-features

tools

VerifiedTrustedOfficial

Removed Features. Reference when using this Prisma feature.

4SKILL.mdUpdated Mar 20, 2026

prisma/prisma-upgrade-v7-removed-features

prisma/prisma-upgrade-v7-prisma-config

tools

VerifiedTrustedOfficial

Prisma Config. Reference when using this Prisma feature.

4SKILL.mdUpdated Mar 20, 2026

prisma/prisma-upgrade-v7-prisma-config

prisma/prisma-upgrade-v7-esm-support

tools

VerifiedTrustedOfficial

ESM Support. Reference when using this Prisma feature.

4SKILL.mdUpdated Mar 20, 2026

prisma/prisma-upgrade-v7-esm-support

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/prisma/cursor-plugin.git

# Copy into Claude Code skills folder (global)
cp -r cursor-plugin/skills/prisma-client-api-raw-queries ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

prisma/cursor-plugin

4 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT