gopher-guides

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE

DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits user-provided Go source code and git diffs to the vendor's API at gopherguides.com to perform audits and reviews. This is a core part of the skill's functionality as a Go training tool.
  • [COMMAND_EXECUTION]: The skill executes shell commands using curl and a local cache script (cache-api.sh) to interact with the Gopher Guides API and manage local data stored in .claude/gopher-guides-cache.json.
  • [PROMPT_INJECTION]: The skill processes untrusted user data (code and diffs), which presents an indirect prompt injection surface.
    • Ingestion points: The audit and review endpoints (in SKILL.md) ingest user code and diff output directly into JSON payloads for the API.
    • Boundary markers: No specific boundary markers or 'ignore' instructions are used when embedding user content into the API requests.
    • Capability inventory: The skill possesses the ability to execute shell commands (curl) and perform network requests to the vendor domain.
    • Sanitization: There is no evidence of sanitization or escaping of the user-provided code before it is passed to the API or the local script.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 07:40 AM