Skills
skills/notque/claude-code-toolkit/go-code-review/Gen Agent Trust Hub

go-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands for building, testing, and linting Go code (e.g., go build, go test, go vet). It also executes a local maintenance script scripts/check-interface-compliance.sh to identify missing interface assertions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data from Go source files and pull request metadata during its review phases.
  • Ingestion points: Processes .go source files, CLAUDE.md, and pull request context (titles, descriptions, issues).
  • Boundary markers: Absent; there are no specific delimiters or instructions to treat ingested code as data only, increasing the risk that the agent may follow instructions embedded in comments or strings.
  • Capability inventory: Access to Bash (used to execute builds and tests), Read, Write, and Edit tools.
  • Sanitization: Absent; the skill does not include any validation or sanitization steps for the code it analyzes before processing or running tests.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 01:29 PM