go-options-gen

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the installation of the options-gen tool from github.com/kazhuravlev/options-gen. This repository and organization are not within the defined trusted source list, posing a supply-chain risk.
  • [COMMAND_EXECUTION] (HIGH): The workflow relies on the command go generate ./..., which scans Go source files for //go:generate directives and executes the accompanying shell commands. If the agent is used to process or complete code from untrusted sources, an attacker could embed malicious commands within these directives to achieve arbitrary command execution on the host.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill workflow involves downloading, installing, and executing a remote binary (options-gen) using go install and go tool. Because the source is unverified, this constitutes a risk of executing potentially malicious remote code.
  • [DATA_EXFILTRATION] (LOW): The example in assets/go-generate/client.go demonstrates a pattern where a sensitive token is appended to a URL query parameter. While used for localhost in the example, this pattern encourages insecure transmission of credentials.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:58 AM