atscript-db-mongo
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides legitimate documentation and usage examples for a database integration library. No malicious patterns, exfiltration attempts, or safety bypasses were detected.
- [EXTERNAL_DOWNLOADS]: Includes instructions for installing vendor packages (@atscript/db-mongo, @atscript/core, @atscript/typescript) and the standard mongodb driver through the npm registry.
- [COMMAND_EXECUTION]: Describes the execution of a local CLI tool (node ../typescript/dist/cli.cjs) used during the development process to regenerate type declarations.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of data for database operations (insert, update, replace), representing a surface for indirect prompt injection. 1. Ingestion points: Data payloads passed to AsCollection CRUD methods in collections.md. 2. Boundary markers: Absent in data payloads. 3. Capability inventory: Database write operations (insert, replace, update) and index synchronization (syncIndexes) as detailed in collections.md. 4. Sanitization: Documentation describes built-in validation features and the use of getValidator and createValidator methods for schema enforcement.
Audit Metadata