Skills
skills/yet-another-ai-project/kiwi-skills/kiwi-go-backend/Gen Agent Trust Hub

kiwi-go-backend

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • CREDENTIALS_UNSAFE (MEDIUM): The Makefile in references/database-workflow.md includes a hardcoded password (pgpass) for a development database instance. While intended for dev, hardcoding credentials in instructions is a best-practice violation.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on multiple third-party libraries from untrusted organizations, including github.com/Yet-Another-AI-Project/kiwi-lib and github.com/futurxlab/golanggraph.
  • REMOTE_CODE_EXECUTION (MEDIUM): The database workflow involves running go run on the remote entgo.io package to generate repository code, which constitutes executing code fetched from the network.
  • DATA_EXFILTRATION (LOW): The Makefile implements a pattern where a database connection string is extracted from a configuration file and used in a shell command, which could expose sensitive information in execution logs.
  • COMMAND_EXECUTION (LOW): The skill instructions involve executing various system commands through a Makefile, including atlas, docker, and jq.
  • PROMPT_INJECTION (SAFE): No malicious override or bypass instructions were detected.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill provides instructions for refactoring user-provided code without boundary markers or sanitization guidelines while utilizing sensitive system capabilities.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 21, 2026, 05:30 AM