go-architect
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted user input to generate file structures and manage dependencies, creating an attack surface. 1. Ingestion points: User-provided descriptions of project structure and features. 2. Boundary markers: None identified. 3. Capability inventory: file_create, add_dependency, verify_build. 4. Sanitization: None identified.
- EXTERNAL_DOWNLOADS (LOW): The skill utilizes the 'add_dependency' tool to install Go packages (e.g., github.com/jackc/pgx). These sources are outside the defined trusted organizations list. Severity is reduced from MEDIUM to LOW as this is a core requirement of the skill's purpose.
Audit Metadata