Skills
skills/italypaleale/skills/go-service-scaffolder/Gen Agent Trust Hub

go-service-scaffolder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Command Execution] (LOW): The skill instructs the agent to execute several shell commands including go mod init, go mod tidy, go test ./..., and git init on the host system. While these are standard development tools, they are executed within the user's environment.
  • [Indirect Prompt Injection] (LOW): The workflow relies on untrusted user input that is directly interpolated into shell commands.
  • Ingestion points: User provides App name, Go module path, and GitHub owner which are stored as variables.
  • Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent treats these inputs as literal data rather than executable command segments.
  • Capability inventory: The skill has the capability to initialize Go modules, run tests (which executes generated code), and initialize git repositories.
  • Sanitization: Absent. The instructions do not specify any validation or escaping for the {{MODULE_PATH}} or {{APP_NAME}} variables before they are passed to the shell (e.g., go mod init <module-path>).
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 09:55 PM