golang-development
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute Go-specific development commands such as 'go test', 'go run', and 'go tool pprof'. These operations are restricted to the context of the Go toolchain and are necessary for the skill's primary purpose.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it reads and processes external codebase files using 'Read', 'Grep', and 'Glob' tools.
- Ingestion points: Codebase analysis step uses file reading tools to ingest content from the project directory.
- Boundary markers: Absent. The instructions do not define specific delimiters or warnings to ignore instructions found within analyzed code comments or strings.
- Capability inventory: Includes 'Bash' for command execution, alongside 'Write' and 'Edit' for file modifications.
- Sanitization: None detected. The agent processes raw code content directly.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of 'benchstat' from 'golang.org/x/perf/cmd/benchstat'. This is an official Go sub-repository and is considered a well-known, trusted source.
Audit Metadata