mongodb
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to data.mongodb-api.com to interact with the MongoDB Atlas Data API. This is an official domain for a well-known service.
- [COMMAND_EXECUTION]: Utilizes curl and jq commands within SKILL.md to perform network requests and parse JSON data. This is a standard method for interacting with web APIs in a shell environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from an external database.
- Ingestion points: Results from MongoDB collections retrieved via curl commands in SKILL.md.
- Boundary markers: None identified; database records are directly included in the agent context.
- Capability inventory: Includes shell command execution through curl and jq.
- Sanitization: No sanitization or validation of the data returned from the database is performed before it is handled by the agent.
Audit Metadata