mongo-tools-js-to-go

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface (Category 8) because it processes untrusted local JavaScript files to generate code.
      • Ingestion points: The conversion process (Step 1) requires reading JavaScript integration tests from the local workspace.
      • Boundary markers: None are defined to delimit the content of the JS files being processed.
      • Capability inventory: The skill allows for file generation, shell command execution for testing (go test), and local file deletion (rm equivalent in Step 9).
      • Sanitization: No specific content filtering is performed on the input files. However, the risk is mitigated by the instruction (Step 6) to utilize a separate sub-agent without shared context to review the generated output for correctness and safety.
  • [COMMAND_EXECUTION]: The skill provides several command-line templates for running Go integration tests and executing repository-specific tools like precious for linting and formatting. These operations are restricted to the local development environment and align with the primary purpose of the skill without attempting privilege escalation.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 25, 2026, 07:34 PM