static-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands
go vet,gosec, andgovulncheck. These are standard Go ecosystem tools used for finding bugs and security vulnerabilities. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes and interprets the output of security scanners which analyze potentially untrusted local source code. \n
- Ingestion points: Processes output from
go vet,gosec, andgovulncheckcommands within the local environment. \n - Boundary markers: No specific delimiters or instructions are used to separate the tool output from the agent's logic. \n
- Capability inventory: The skill is capable of executing subprocesses to run the analysis tools. \n
- Sanitization: There is no evidence of sanitization or filtering applied to the tool outputs before they are processed by the agent.
Audit Metadata