veadk-go-skills
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a development assistant for ByteDance's VeADK-Go framework. It correctly references official vendor-owned resources (github.com/volcengine/veadk-go) and follows best practices by using environment variables for API keys (e.g., OPENAI_API_KEY) in code examples. No malicious patterns such as obfuscation, credential exfiltration, or unauthorized command execution were detected.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted user requirements and legacy Enio code to generate source files. This risk is inherent to its primary purpose as a code-generation assistant.
- Ingestion points: User feature requirements and existing Enio source code defined in SKILL.md.
- Boundary markers: The prompt instructions do not define specific delimiters or security warnings to separate user-provided content from agent instructions.
- Capability inventory: The skill includes instructions to save generated code to the filesystem (e.g., agent.py).
- Sanitization: No explicit validation of inputs or sanitization of generated code is implemented in the provided prompt logic.
Audit Metadata