go-backend-init
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by interpolating user-provided inputs (Project Name, Service Names) directly into shell commands and file templates. Ingestion points: User-provided project details in the SKILL.md checklist. Boundary markers: Absent. Capability inventory: Execution of go mod init, go generate, and go build using user-provided strings. Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands to initialize the repository, generate ORM code, and build the project.
- [EXTERNAL_DOWNLOADS]: The provided CI workflow template installs the Nilaway static analysis tool from go.uber.org.
- [SAFE]: The skill utilizes well-known, industry-standard libraries from trusted sources such as Uber, Google, and the Ent ORM team.
- [SAFE]: Security best practices are followed, such as excluding sensitive environment files (.env) from version control via .gitignore.
Audit Metadata