golang-database
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill promotes secure coding practices by mandating the use of parameterized queries and explicitly forbidding the concatenation of user input into SQL strings in SKILL.md.
- [SAFE]: The guidance correctly identifies the risks of AI-generated database schemas and restricts the agent from performing DDL operations without human review, preventing potential production instability.
- [SAFE]: The skill includes extensive instructions for proper transaction management and resource cleanup (e.g., closing rows) to prevent data corruption and connection leaks.
- [PROMPT_INJECTION]: The skill establishes a surface for indirect prompt injection as it requires the agent to read and analyze external codebase contents and database metadata.
  - Ingestion points: Processes existing Go source code files and database schema/index definitions as part of its review and performance optimization modes defined in SKILL.md.
  - Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions when the agent processes untrusted codebase content.
  - Capability inventory: The skill utilizes Bash, Write, Edit, and Agent tools, which allow for persistent filesystem changes and shell command execution.
  - Sanitization: While the skill provides logic for sanitizing application-level inputs (parameterized queries), it does not define sanitization procedures for the agent's own ingestion of external code comments or strings.
Audit Metadata