go-backend-reviewer
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to provide expert code review for Go backend projects. It includes a comprehensive checklist covering logic correctness, resource management, and security best practices (e.g., checking for SQL injection and hardcoded secrets).
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to run standard Go diagnostic commands such as `govulncheck` and `go test -race`. While these commands execute code from the repository being analyzed, they are part of the intended code review and testing workflow.
- [EXTERNAL_DOWNLOADS]: The instructions refer to well-known Go frameworks and libraries (e.g., GORM, Hertz, Gin) and standard Go toolchain utilities. No unverified or suspicious external scripts or packages are downloaded.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted code from repositories and has the capability to execute shell commands via `Bash`. However, this is inherent to its purpose as a code analysis tool, and the risk is mitigated by its specific focus and the `disable-model-invocation` setting.
  - Ingestion points: Reads Go source files, configuration files (e.g., `go.mod`), and repository metadata using the `Read`, `Glob`, and `Grep` tools.
  - Boundary markers: Not explicitly defined in the prompt instructions.
  - Capability inventory: Can execute shell commands via the `Bash` tool to run builds, tests, and security scans.
  - Sanitization: No specific sanitization or filtering of input code is mentioned before processing.
Audit Metadata