statute-proxy
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a documentation and scaffolding aid for a specific Go framework design. No malicious intent, prompt injection, or data exfiltration logic was detected across any files.
- [SAFE]: All external resources are identified as vendor-owned (kjanat) or reputable services (Let's Encrypt). No suspicious downloads or remote code execution patterns were found.
- [SAFE]: The skill explicitly instructs the agent to enforce security best practices, such as mitigating Slowloris attacks by setting ReadHeaderTimeout and preventing credential leakage by flagging hardcoded secrets.
- [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection identified. This is an architectural risk inherent to code-review skills and not a malicious finding. * Ingestion points: User-supplied Go configuration files or server source code in 'review' mode. * Boundary markers: None specified in the instructions for delimiting user-provided data. * Capability inventory: Scaffolding code generation and providing architectural recommendations. * Sanitization: No explicit sanitization or validation of untrusted user input is described.
Audit Metadata