go-create-service
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The skill instructs the agent to generate files and code using variables like `<module>` and `<service_name>` provided by the user. Without explicit sanitization, this creates a potential surface for path traversal or code injection.
  - Ingestion points: Variables `<module>` and `<service_name>` are used to construct file paths (e.g., `internal/modules/<module>/service/`).
  - Boundary markers: Absent. The skill does not provide delimiters or instructions to ignore malicious characters in the input.
  - Capability inventory: The skill's primary function is to write multiple files to the local filesystem.
  - Sanitization: Absent. There are no instructions to validate or escape the module or service name variables.
- EXTERNAL_DOWNLOADS (LOW): The code templates and suggested verification steps rely on external Go packages from an untrusted GitHub account.
  - Evidence: The service implementation snippets use imports from `github.com/cristiano-pacheco/bricks` and `github.com/cristiano-pacheco/pingo`.
Audit Metadata