Skills
skills/caarlos0/dotfiles/go-doc/Gen Agent Trust Hub

go-doc

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill's workflow includes go get package/path@version, which instructs the agent to download third-party code from the internet. This can lead to the ingestion of malicious modules if the package path is derived from untrusted user input.
  • COMMAND_EXECUTION (LOW): The skill executes shell commands (go get, go doc). While these are standard tools, they are used to process and interact with external, potentially untrusted source code.
  • INDIRECT_PROMPT_INJECTION (LOW):
  • Ingestion points: Processes content from go.mod files and external Go source code.
  • Boundary markers: None present in the provided instructions.
  • Capability inventory: Network downloads via go get and local code processing via go doc.
  • Sanitization: The skill lacks validation for package paths or versions before execution.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:14 PM