go
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to run shell commands including
make test,go test, andpsql. While these are standard for Go development, they represent a potential code execution vector if the agent is directed to work on a project with malicious build or test configurations. - [PROMPT_INJECTION] (LOW): The skill creates an indirect prompt injection surface by directing the agent to monitor
app.log. (1) Ingestion point: The skill states 'Log output from the running application is in app.log in the project root'. (2) Boundary markers: No delimiters or warnings are provided to prevent the agent from interpreting log content as instructions. (3) Capability inventory: The agent has access to terminal commands and Chrome Dev Tools. (4) Sanitization: There are no instructions for sanitizing or validating log data. - [EXTERNAL_DOWNLOADS] (LOW): The skill references several third-party Go modules (e.g.,
maragu.dev/is,github.com/go-chi/chi/v5). These dependencies are downloaded during the build/test process, which is standard behavior but carries the usual risks associated with external package registries.
Audit Metadata