golang-samber-slog
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the logging of HTTP request and response bodies through various middlewares (e.g., slog-gin, slog-echo), which introduces a surface for indirect prompt injection.
  1. Ingestion points: HTTP middleware components like slog-gin and slog-echo can capture untrusted request/response bodies.
  2. Boundary markers: No specific boundary markers or instructions to ignore embedded instructions are included in the default log patterns.
  3. Capability inventory: The skill allows for significant local operations including go command execution via Bash, file writing, and network access via WebFetch.
  4. Sanitization: The skill highlights the use of slog-formatter for PII scrubbing, which provides a partial mitigation for data sensitivity but does not prevent logic injection.
- [EXTERNAL_DOWNLOADS]: The skill documentation references and provides instructions for installing numerous Go packages from the samber GitHub organization (e.g., github.com/samber/slog-multi, github.com/samber/slog-sampling). These are official vendor resources for the described logging framework.
Audit Metadata