mongodb

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill provides a command example for creating an admin user with a hardcoded password ('pwd: "secret"').
  • [EXTERNAL_DOWNLOADS]: Installs the 'mongodb-org' package from standard repositories via the system package manager.
  • [COMMAND_EXECUTION]: Executes system commands to install packages ('apt'), manage services ('systemctl'), and perform database backups/restores ('mongodump', 'mongorestore').
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user data into database records without explicit sanitization or boundary markers.
      • Ingestion points: Data provided to 'db.users.insertOne' in 'SKILL.md'.
      • Boundary markers: None detected.
      • Capability inventory: Shell execution ('apt', 'systemctl', 'mongodump') and database administrative commands ('db.createUser', 'rs.initiate').
      • Sanitization: No input validation or escaping logic is implemented for the data written to the database.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 02:05 PM