golang
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is intended to process and analyze external Go source code files (.go) and module files (go.mod). This creates an indirect prompt injection surface where malicious instructions could be embedded within the source code to influence the agent's behavior.
  - Ingestion points: Processes .go files and go.mod files as specified in the skill's description.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded natural language commands within the code files are provided.
  - Capability inventory: The skill uses mcp__acp__Bash to execute commands such as go test, go build, and go fix across the project files.
  - Sanitization: There is no evidence of sanitization or validation of the code content before it is processed or analyzed.
- [COMMAND_EXECUTION]: The skill includes bash command snippets for common Go development tasks, such as formatting (gofmt), running static analysis (go vet, golangci-lint), and executing tests (go test -race). These are standard operations for the intended use case.
- [EXTERNAL_DOWNLOADS]: Mentions well-known and trusted Go community packages and tools, including pgx, easyjson, sqlc, and fgprof. These are standard technical dependencies within the Go ecosystem and do not represent a security risk.
Audit Metadata