Skills
skills/iceleaf916/my-cc-plugins/go-frame-best-practices/Gen Agent Trust Hub

go-frame-best-practices

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): Hardcoded sensitive information found in example code and configuration files.
  • Evidence: references/configuration.md contains a hardcoded MySQL password 12345678.
  • Evidence: examples/middleware-example.go and references/middleware.md use a hardcoded authentication token 123456.
  • PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection attack surface by processing untrusted user data.
  • Ingestion points: HTTP request handlers in internal/controller/user/user.go and middleware components process untrusted input.
  • Boundary markers: Absent; no specific instructions provided to the agent to ignore or delimit embedded instructions within the processed request data.
  • Capability inventory: The logic layer performs database queries (l.db.Model) and responses to network requests.
  • Sanitization: Documentation recommends use of g.Validator() for data validation as a primary defense.
  • COMMAND_EXECUTION (SAFE): Use of framework-specific CLI tools for development.
  • Evidence: SKILL.md and CLAUDE.md reference gf run, gf gen ctrl, and gf gen service which are standard GoFrame development tools.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:12 PM