mongodb-ai
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of technical documentation and code examples in markdown format. No executable scripts or binaries are bundled with the skill.
- [EXTERNAL_DOWNLOADS]: Recommends the use of well-known and trusted tools, including the official `mongodb-mcp-server` and the author's own `skills` CLI. These are documented as optional setup steps for integration.
- [COMMAND_EXECUTION]: Provides standard MongoDB shell and JavaScript aggregation examples. It includes an explicit 'Action Policy' instructing the agent to always seek human approval before performing write operations, ensuring operational safety.
- [PROMPT_INJECTION]: Includes instructional warnings about knowledge cutoffs and behavioral constraints for database safety. These guidelines are legitimate operational instructions and do not attempt to bypass agent safety filters or override system guardrails.
- [DATA_EXFILTRATION]: Best practices are followed for handling sensitive data; the documentation instructs users to use environment variables for connection strings and API keys, using placeholders in examples rather than hardcoding secrets.
Audit Metadata