backend-go-database
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses clear persona and mode definitions to guide agent behavior without attempting to override platform safety filters or bypass instructions. It includes healthy constraints, such as refusing to generate potentially dangerous schema SQL.
- [DATA_EXFILTRATION]: No patterns of data exfiltration or access to sensitive credentials were found. The use of a hardcoded test DSN in the testing reference is standard for local integration tests and does not represent a credential risk.
- [EXTERNAL_DOWNLOADS]: The skill references several well-known and trusted community libraries (sqlx, pgx, golang-migrate, testcontainers-go, etc.) as recommended tools. These are documented neutrally as standard industry resources.
- [COMMAND_EXECUTION]: The `allowed-tools` configuration uses fine-grained permissions for specific toolchains (go, golangci-lint, git), which is a security best practice to limit the attack surface of the bash tool.
- [INDIRECT_PROMPT_INJECTION]: The skill has a surface area for indirect injection as it reads existing codebase patterns via `Grep` to inform its code generation. However, it mitigates this risk by explicitly mandating parameterized queries and strict input validation for the resulting Go code.
Audit Metadata