mongodb-mongoose
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by design, as it provides templates for ingesting and processing untrusted data.
- Ingestion points: The API handlers in
examples/recipe-api-example.md(e.g.,POST /api/recipes) and thescripts/seed-database.jsutility ingest external content into the database context. - Boundary markers: There are no boundary markers or specific instructions provided to the agent to treat embedded data as untrusted or to ignore instructions contained within.
- Capability inventory: The skill includes scripts with significant data manipulation capabilities, such as the
deleteMany({})operation inscripts/seed-database.jsand full CRUD operations in the API examples. - Sanitization: While the code utilizes standard Mongoose validation and ID checks, it lacks specific sanitization or filtering logic designed to mitigate the risk of malicious instructions being processed by an LLM interacting with this data.
Audit Metadata