mongodb-atlas-checker

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill instructs the agent to verify the existence of sensitive environment variables like MONGODB_URI in .env files. This is documented as a standard security audit practice and is necessary for the skill's primary function of troubleshooting database connections.
  • [COMMAND_EXECUTION]: The guide includes a verification script (scripts/test-mongodb-connection.ts) meant to be executed via shell (node or ts-node) to validate the database connection. This is a functional requirement for the skill's purpose.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted project files (e.g., ARCHITECTURE.md, .env, source code) while possessing the capability to execute shell commands and read files.
    • Ingestion points: Project configuration files (.env, .env.local), documentation (.agents/SYSTEM/ARCHITECTURE.md), and application source code.
    • Boundary markers: Absent; the skill does not explicitly instruct the agent to ignore embedded commands in the files it audits.
    • Capability inventory: File system read access and shell command execution (node, ts-node).
    • Sanitization: Absent; data from the project is used directly for auditing steps.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 22, 2026, 07:31 AM