Skills
skills/yet-another-ai-project/kiwi-skills/kiwi-go-agent/Gen Agent Trust Hub

kiwi-go-agent

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: CRITICALPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected in the title generation logic. Untrusted input is directly embedded into the prompt template, allowing for potential override of the title generation instructions.\n
  • Ingestion points: The content variable in references/langchain-chains.md (read from inputs["content"]).\n
  • Boundary markers: Absent. The user-provided text is appended directly after a label in prompt.txt.\n
  • Capability inventory: The interpolated prompt is used in c.llm.GenerateContent to generate a text completion.\n
  • Sanitization: Absent. No escaping or validation of the input string is performed.\n- [EXTERNAL_DOWNLOADS] (LOW): The code examples reference third-party Go modules from non-standard repositories.\n
  • Evidence: Import of github.com/leeif/langchaingo and github.com/futurxlab/golanggraph. These are not from the trusted organization list but appear as educational references in this context.\n- [SAFE] (INFO): Malicious URL Alert Analysis.\n
  • The scanner alert for llms.Me is a false positive caused by the automated tool misparsing the Go data type llms.MessageContent as a domain name. No actual references to malicious domains were found in the source code.
Recommendations
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 21, 2026, 05:29 AM