go-best-practices
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill targets Go source file processing, creating a high-risk attack surface. * Ingestion points: External Go files (referenced in metadata). * Boundary markers: None provided. * Capability inventory: Code modification and generation. * Sanitization: None. Per the security framework, this capability tier requires a HIGH severity classification as it handles untrusted external data with write-access capabilities.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or unauthorized data access patterns were detected; the use of environment variables for secrets follows security best practices.
- [SAFE] (SAFE): The automated scanner alert on 'client.Do' is a confirmed false positive on standard Go library method calls.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata