review-go
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development tools including `git`, `grep`, `go build`, `go vet`, and `golangci-lint` to analyze and verify the codebase.
- [REMOTE_CODE_EXECUTION]: The skill runs `go test -v -race` in Step 7, which executes the project's own code to verify fixes. This is a standard and expected behavior for a code review tool.
- [PROMPT_INJECTION]: The skill evaluates source code files and git diffs, creating an indirect prompt injection surface where instructions hidden in code could influence agent behavior.
  - Ingestion points: Processes output from `git diff` (Step 1) and reads project source files (Step 6).
  - Boundary markers: Absent. The skill does not define specific delimiters to separate untrusted code from its own instructions.
  - Capability inventory: Can execute shell commands via the Go toolchain and spawn sub-agents using the `Task` tool.
  - Sanitization: Absent. The skill does not mention sanitizing or escaping content from the codebase before processing.
Audit Metadata