go-backend-dev-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute directory listings, create folders, and run local shell scripts (
ops-*.sh) for testing. These actions are standard for development workflows and scoped to the project directory. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and acting upon project documentation that could be externally influenced. * Ingestion points: Reads implementation plans from
tasks/todo.mdand technical design documents from thedocs/directory. * Boundary markers: No explicit delimiters or safety instructions are used when interpolating file content into the agent's context. * Capability inventory: Access to theBashtool for command execution andWrite/Editfor file system modification. * Sanitization: Content from ingested documents is processed directly without validation or filtering.
Audit Metadata