kiwi-go-agent

[Skill Scanner] [Documentation context] Credential file access detected This skill is documentation/standards for building Go AI agents and does not include obvious malicious code. The main risks are legitimate: network calls to LLMs and arbitrary tool implementations can exfiltrate conversation data or credentials if tools or checkpointer backends are misconfigured or untrusted. The spec's explicit patterns (storing full_results in Metadata, recommending Redis for production, and wrapping external MCP servers as tools) increase the scope for credential forwarding and data leakage if implementers are careless or incorporate untrusted third-party tools. No direct malware indicators were found. LLM verification: [LLM Escalated] This SKILL.md is a documentation/standards file for building Go-based AI agents. It contains no executable malicious code or obfuscated payloads. However, it recommends powerful capabilities (persisting full tool results in Metadata, using Redis checkpointer, and proxying to external MCP servers) without mandating controls like encryption, redaction, or endpoint validation. Those patterns increase the risk that downstream implementations could exfiltrate secrets or forward credentials. Treat the