go-mode
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to plan and execute tasks using powerful tools, including a specific reference to `exec` for shell command execution in `SKILL.md`. This allows the agent to perform arbitrary system operations if directed by a generated plan.
- [REMOTE_CODE_EXECUTION]: The framework integrates with code generation models (`codex`, `claude`) to create and potentially run code as part of goal completion. This dynamic code generation and execution cycle presents a high-risk capability if the generated code is influenced by malicious input.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from various sources (web searches, full web page fetching, and Gmail messages).
  - Ingestion points: `web_search`, `web_fetch`, and Gmail integration (referenced in `SKILL.md`).
  - Boundary markers: The instructions lack specific delimiters to separate untrusted external content from agent instructions.
  - Capability inventory: Access to `exec` (shell), file writing, and multiple network-based communication tools (Gmail, Telegram, Bird CLI).
  - Sanitization: No explicit sanitization or filtering of external content is defined before the agent processes it to form or modify execution plans.
- [DATA_EXFILTRATION]: The skill references tools that have the combined capability to read sensitive information (via `qmd search` of knowledge bases or file reading) and transmit data externally via integrated communication tools like Telegram, Gmail, and Notion.
Audit Metadata