mongosh-release-notes
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: All external data sources and links are official MongoDB resources (github.com/mongodb-js/mongosh and jira.mongodb.org), matching the skill author 'mongodb'.
- [PROMPT_INJECTION]: The skill ingests data from an external GitHub repository, which presents a surface for indirect prompt injection.
  - (1) Ingestion point: Release notes fetched from mongodb-js/mongosh via the referenced workflow.
  - (2) Boundary markers: No explicit delimiters or ignore-instructions markers are defined in this configuration.
  - (3) Capability inventory: The agent can use the Read, Grep, Glob, Agent, and Edit tools to process content and modify files.
  - (4) Sanitization: No explicit content sanitization is described.

  This risk is considered negligible as the source is the official project repository owned by the skill's author.