go-web-apis
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Full Analysis
- [SAFE] (SAFE): No malicious patterns, obfuscation, or unauthorized access attempts were identified. All Go code snippets and the Python validation script follow standard development practices.\n- [Indirect Prompt Injection] (INFO): The skill provides templates for processing external web requests, representing an inherent attack surface for the resulting APIs. The templates correctly include mitigations such as input validation via the validator library. 1. Ingestion: Handler templates in SKILL.md take input from r.Body and URL parameters. 2. Boundary markers: N/A (educational templates). 3. Capability inventory: Database interactions and HTTP client calls in SKILL.md snippets. 4. Sanitization: Example handleCreateUser implementation uses the validator package for schema enforcement.\n- [Automated Scans] (INFO): External scan results for 'logger.Info' and 'c.client.Do' are confirmed false positives. These are standard methods in the Go slog and net/http libraries, respectively, and do not represent malicious URLs or phishing vectors.
Recommendations
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata