go-style-guide
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a variety of shell commands for code formatting, linting, and testing. Specifically:
- It references several Go-specific commands in
SKILL.mdandreferences/quality-gate-command-matrix.md, such asgofmt,go vet,staticcheck, andgo test ./... -race. The latter command executes the project's own test code, which could be malicious. SKILL.mdalso instructs the agent to run internal automation scripts:python3 scripts/resolve_style_guides.pyandpython3 scripts/validate_trigger_matrix_sync.py. These scripts are not included in the provided files for auditing, posing a risk of unknown behavior.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external, untrusted Go source code and configuration files.
- Ingestion points: The skill reads and analyzes
.go,go.mod,go.sum, andgo.workfiles as specified in the trigger description inSKILL.md. - Boundary markers: There are no explicit boundary markers or instructions to the agent to disregard natural language instructions that might be embedded in code comments or string literals within the files being processed.
- Capability inventory: The agent has the capability to execute shell commands (
go test,python3) and output modified code back to the user or filesystem. - Sanitization: The skill does not mention any sanitization, validation, or filtering of the content extracted from the Go files before it is used in the agent's logic or executed via the command line.
Audit Metadata