encore-go-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions were found that attempt to override agent behavior, bypass safety filters, or extract system prompts.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network requests were detected. The skill focuses on reviewing local code.
- Obfuscation (SAFE): No Base64, zero-width characters, homoglyphs, or other forms of hidden content were identified in the instruction set.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not install any packages or download/execute remote scripts.
- Privilege Escalation (SAFE): No commands like 'sudo' or permission modifications ('chmod') are present.
- Persistence Mechanisms (SAFE): No attempts to modify system configuration, cron jobs, or shell profiles were found.
- Metadata Poisoning (SAFE): Metadata fields correctly describe the skill's purpose without deceptive instructions.
- Indirect Prompt Injection (SAFE): Although the skill is designed to process untrusted Go code for review, it does not utilize any dangerous tools (e.g., file writes, network ops, or code execution) that would allow an injection in the processed data to compromise the system.
- Time-Delayed / Conditional Attacks (SAFE): No logic was found that gates actions based on time, date, or environment-specific triggers.
- Dynamic Execution (SAFE): No runtime compilation, dynamic loading of modules, or unsafe deserialization patterns were detected.
Audit Metadata