mongodb-find-queries
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill defines input fields for collection names and filter criteria which are used to construct MongoDB queries. While this creates a potential surface for NoSQL injection if the agent executes these queries against a live database, the skill itself provides standard documentation and templates without performing the execution.
- [INGESTION_POINTS]: File 'SKILL.md' defines 'collection_name' and 'filter_criteria' as required context inputs.
- [BOUNDARY_MARKERS]: No explicit boundary markers or 'ignore embedded instructions' warnings are present in the query templates.
- [CAPABILITY_INVENTORY]: The skill provides logic for 'query-construction', 'filter-operators', and 'projection-design' but contains no subprocess calls, network operations, or file-write capabilities.
- [SANITIZATION]: No explicit sanitization or validation logic is provided for the input criteria within the scripts or markdown instructions.
Audit Metadata