using-document-databases

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • General Security (SAFE): The skill provides legitimate documentation and code examples for database integration. The structure is transparent and the content aligns with its stated purpose of assisting developers with NoSQL implementations.
  • Category 2: Data Exposure & Exfiltration (SAFE): No hardcoded secrets or credentials were found. Examples correctly demonstrate using environment variables or local connection strings for database access.
  • Category 4: Unverifiable Dependencies & Remote Code Execution (SAFE): All referenced libraries (e.g., motor, pymongo, boto3, firebase-admin, mongodb) are industry-standard packages from trusted registries (PyPI, npm). There are no commands that download and execute remote scripts.
  • Category 8: Indirect Prompt Injection (LOW): While the skill provides templates for applications that process user data, it explicitly includes documentation on security rules, validation (using Zod/Pydantic/JSON Schema), and best practices to mitigate common database vulnerabilities.
  • Category 10: Dynamic Execution (SAFE): The provided Python script validate_indexes.py performs static inspection of database metadata and profiling logs using standard driver methods. It does not execute arbitrary code or evaluate untrusted strings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:23 PM