go-mode
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use an `exec` tool for running shell commands as part of task execution. While this is central to the skill's purpose of autonomous goal completion, it grants the agent substantial control over the underlying system environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is designed to ingest and process untrusted data from external sources.
  - Ingestion points: The workflow relies on `web_fetch`, `web_search`, and file-reading tools to gather information (SKILL.md).
  - Boundary markers: There are no explicit instructions or delimiters defined to separate untrusted external content from the agent's core instructions.
  - Capability inventory: The skill utilizes high-privilege tools including `exec` (shell access), `Gmail` (email), `Telegram`, and `bird` (Twitter/X CLI) (SKILL.md).
  - Sanitization: The instructions do not prescribe any sanitization, validation, or escaping of data retrieved from external sources before it is used in the planning or execution phases.
- [DATA_EXFILTRATION]: The skill's architecture facilitates data movement by combining file access with network-capable communication tools (Email, Messaging, Social Media). Although the skill mandates human approval for external communications, the inherent capability exists within the workflow, presenting a risk if guardrails are bypassed or if a user is socially engineered into approving a malicious plan generated from injected data.
Audit Metadata