mongodb-query-optimizer

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements database management functionality using official MongoDB MCP tools such as collection-indexes, explain, and atlas-get-performance-advisor. All tool invocations and data retrieval operations are directly aligned with the skill's primary purpose of providing query optimization and indexing advice.
  • [SAFE]: Data exposure is limited to standard performance diagnostics. The skill suggests fetching a single sample document via the find tool to infer schema structure and retrieves slow query logs to identify bottlenecks. This behavior is transparently documented in the workflow and adheres to the principle of least privilege for the intended performance analysis tasks.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from the database and Atlas logs.
      • Ingestion points: Documents retrieved via the find tool and query text within slowQueryLogs fetched from the Atlas Performance Advisor.
      • Boundary markers: None; retrieved data is processed without explicit delimiters or instructions to ignore potential embedded commands.
      • Capability inventory: The agent's capabilities are restricted to the set of MongoDB-specific MCP tools defined in the skill configuration, which limits the potential impact of an injection.
      • Sanitization: The skill does not implement explicit sanitization or filtering of the content retrieved from the database before analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 06:04 AM