mongodb
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability (Category 8). The skill uses the mcp__context7__query-docs tool to ingest external documentation from the library/mongodb/mongo-csharp-driver. Evidence:
  1. Ingestion points: mcp__context7__query-docs is used to fetch external content.
  2. Boundary markers: Absent; no delimiters are defined to separate external documentation from the system prompt.
  3. Capability inventory: High-privilege tools including Bash, Write, and Edit are permitted.
  4. Sanitization: Absent; the skill does not filter or validate the fetched content before processing.
- [COMMAND_EXECUTION] (HIGH): The skill enables the Bash tool, providing the agent with shell access. When combined with the high risk of indirect prompt injection from external documentation, this creates a path for Remote Code Execution (RCE) where an attacker could influence the commands executed via the shell.
Recommendations
- AI detected serious security threats