golang-database

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's 'Review/debug mode' instructs the agent to audit existing codebase files for database-related issues. This functionality creates an attack surface for indirect prompt injection, as malicious instructions could be embedded within the project's source code files that the agent processes.
      • Ingestion points: Local source code files accessed via Read, Glob, and Grep tools as described in the 'Modes' section of SKILL.md.
      • Boundary markers: Absent. The instructions do not define specific delimiters or warnings to prevent the agent from executing instructions found within the code being analyzed.
      • Capability inventory: The skill has the ability to execute shell commands via Bash(go:*), Bash(golangci-lint:*), and Bash(git:*), as well as perform file modifications using the Edit and Write tools in SKILL.md.
      • Sanitization: Absent. There is no mechanism described to sanitize or filter the content of ingested files before they are processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 29, 2026, 01:46 AM