golang-gin-testing
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [METADATA_POISONING]: The skill metadata and documentation attribute the content to 'henriqueatila', whereas the system context identifies the author as 'cylixlee'. This discrepancy is deceptive and could mislead users about the source of the skill.
- [INDIRECT_PROMPT_INJECTION]: The skill provides utility code that is vulnerable to SQL injection if used with untrusted data. Evidence: In 'references/e2e.md' and 'references/integration-tests.md', functions such as 'truncate' and 'LoadFixture' ingest data via 'tables' and 'path' parameters and interpolate them directly into SQL commands without sanitization or boundary markers. Capability: The resulting strings are executed via 'db.Exec', allowing for arbitrary database manipulation.
- [DYNAMIC_EXECUTION]: The skill documents patterns for constructing and executing SQL strings at runtime, which represents a risk if input parameters are not strictly validated against a whitelist.
Audit Metadata