higress-wasm-go-plugin
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies (MEDIUM): The skill requires downloading several Go packages from 'github.com/higress-group' and 'github.com/tidwall'.
- Evidence:
go get github.com/higress-group/proxy-wasm-go-sdk@go-1.24,go get github.com/higress-group/wasm-go@main, andgo get github.com/tidwall/gjsonin SKILL.md. These sources are not within the defined trusted organization list. - Command Execution & Environment Modification (MEDIUM): The skill modifies the system's Go environment to use a specific regional proxy.
- Evidence:
go env -w GOPROXY=https://proxy.golang.com.cn,directin SKILL.md. While common for regional optimization, it directs the toolchain to an external third-party proxy for all future package downloads. - Indirect Prompt Injection Surface (HIGH): The skill creates components meant to process untrusted external data with high-impact capabilities.
- Ingestion Points: HTTP request headers (
onHttpRequestHeaders), request bodies (ProcessRequestBody), and response bodies (ProcessResponseBody). - Boundary Markers: Absent. There are no instructions or templates for delimiting untrusted input or warning the agent/plugin to ignore embedded instructions.
- Capability Inventory: Capabilities include traffic modification (
proxywasm.AddHttpRequestHeader), direct response generation (proxywasm.SendHttpResponse), and external service interactions (wrapper.NewClusterClient,wrapper.NewRedisClusterClient). - Sanitization: Absent. The provided templates do not include sanitization, validation, or escaping of data extracted from HTTP streams before using it in logic or downstream calls.
Recommendations
- AI detected serious security threats
Audit Metadata