mongoose-mongodb
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No patterns of instruction override, safety bypass, or system prompt extraction were detected within the skill files.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths were found. The skill promotes secure practices by using environment variables for the MongoDB URI.
- Obfuscation (SAFE): All text and code are presented in clear, readable formats without any Base64 encoding, zero-width characters, or homoglyph-based obfuscation.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references the standard 'mongoose' npm package. No remote script downloads or piped execution methods (e.g., curl|bash) are present.
- Indirect Prompt Injection (SAFE): 1. Ingestion points: External data enters the agent context via MongoDB query results using Mongoose models. 2. Boundary markers: Not explicitly used in the provided code snippets. 3. Capability inventory: Database CRUD (Create, Read, Update, Delete) operations. 4. Sanitization: The skill employs Mongoose schema definitions and built-in validators to enforce data integrity and structure.
Audit Metadata