skills/tencentcloudbase/cloudbase-ai-toolkit/cloudbase-document-database-in-wechat-miniprogram/Gen Agent Trust Hub
cloudbase-document-database-in-wechat-miniprogram
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the retrieval and processing of data from external database collections (e.g., via
db.collection().get()andaggregate().end()). This documentation describes an attack surface for Indirect Prompt Injection, where malicious content stored in the database could potentially influence the agent's logic or output. - Ingestion points: Data enters the context through database query results in all secondary documentation files (e.g.,
crud-operations.md,aggregation.md). - Boundary markers: No specific delimiters or "ignore instructions" prompts are recommended in the code snippets provided.
- Capability inventory: The skill documents full CRUD capabilities (create, read, update, delete) and complex aggregation pipelines.
- Sanitization: The documentation does not explicitly detail sanitization or validation steps for content retrieved from the database before being processed by the agent.
Audit Metadata