go-create-error
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure] (SAFE): The skill instructions specify reading and writing to local Go project files (
internal/modules/<module>/errs/errs.go). This access is restricted to the local development environment and is necessary for the skill's primary function of maintaining code consistency. - [Remote Code Execution] (SAFE): While the skill references an external library (
github.com/cristiano-pacheco/bricks), it does so in the context of Go import statements for code generation. There are no instructions for the agent to execute shell commands, install untrusted packages, or run scripts. - [Indirect Prompt Injection] (LOW): The skill ingests data from existing source files to determine the next available error code.
- Ingestion points: Reads
internal/modules/<module>/errs/errs.goto scan for existing constants. - Boundary markers: No specific delimiters are used to separate existing code from the agent's workspace.
- Capability inventory: The skill is designed to perform file-system read and write operations on the project source code.
- Sanitization: The skill assumes the integrity of the source file it is modifying. This is considered acceptable risk given the developer-centric use case.
Audit Metadata