
ezorm-skills

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches documentation, schema references, and example YAML files from the author's official GitHub repository at https://raw.githubusercontent.com/ezbuy/ezorm/. This is performed during initialization via the scripts/init.sh script.
  • [REMOTE_CODE_EXECUTION]: Downloads and executes the ezorm tool binary from the vendor's GitHub releases page (https://api.github.com/repos/ezbuy/ezorm/releases/latest). This is a standard installation process used to ensure the code generation utility is present.
  • [COMMAND_EXECUTION]: Executes the goimports utility to format generated Go source files and runs driver-specific plugin binaries using exec.Command as part of the core generation logic.
  • [PROMPT_INJECTION]: The skill exhibits surface area for indirect prompt injection through user-provided database schemas.
      • Ingestion points: cmd/gen.go reads schema files from user-defined paths.
      • Boundary markers: Absent.
      • Capability inventory: The skill has file system write access (os.OpenFile) and shell command execution capabilities (exec.Command).
      • Sanitization: Not explicitly identified for YAML/SQL metadata content.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 01:14 PM