Skills
skills/jssfy/k-skills/go-backend-reviewer/Gen Agent Trust Hub

go-backend-reviewer

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The instructions suggest executing go build -race and go test -race to diagnose race conditions and build errors. Running build or test processes on untrusted source code can lead to arbitrary code execution on the host environment if the repository contains malicious code in init() functions or test setups.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external data.
  • Ingestion points: The agent reads Go source files, git diffs, and PR descriptions using Read, Grep, and Glob tools.
  • Boundary markers: The instructions do not specify any delimiters or safety markers to isolate the analyzed code from the agent's instructions.
  • Capability inventory: The agent can execute shell commands via Bash, including compilation and testing tools.
  • Sanitization: There is no mention of sanitizing or escaping the content of the files before processing them for review.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 06:07 PM