api-database-mongoose
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructs users to use environment variables for sensitive connection strings (MONGODB_URI) instead of hardcoding them, adhering to secret management best practices.
- [SAFE]: Educational content identifies and warns against insecure practices, such as hardcoding credentials in source code or using the 'localhost' alias, which can cause connectivity issues in newer environments.
- [SAFE]: Schema definitions include robust validation constraints (required, enum, regex, and custom validators) that serve as a primary defense against malformed or malicious data injection into the database.
- [SAFE]: The skill provides patterns for secure transaction management, including explicit session handling and the use of AsyncLocalStorage to ensure data integrity and prevent race conditions.
- [SAFE]: Guidance on the use of '.lean()' and field selection reduces memory overhead and prevents over-fetching of data, minimizing the application's attack surface and potential for information disclosure.
Audit Metadata