review-go
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions are focused strictly on static analysis of Go code conventions such as concurrency, error handling, and resource management. It explicitly disclaims security and architectural reviews, delegating them to other specialized skills.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it processes untrusted Go code. Evidence chain: (1) Ingestion point: Code scope provided via input_schema in SKILL.md. (2) Boundary markers: Absent; no instructions are provided to use delimiters or ignore embedded directives within the analyzed source. (3) Capability inventory: No dangerous capabilities (no file-write, network, or subprocess calls) are defined in the skill or agent.yaml. (4) Sanitization: No sanitization or validation of the input code is specified. This represents a surface risk mitigated by the absence of exploitable system tools.