go-cli
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found. The skill documentation provides legitimate usage examples for interaction.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were identified. Code examples in SKILL.md for network operations are educational and intended for user-controlled implementations.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyphs were detected across all files.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The validation script uses standard libraries and PyYAML. No remote script execution patterns (e.g., curl|bash) or runtime code injection were found.
- [Privilege Escalation] (SAFE): No commands for acquiring elevated permissions (sudo, chmod 777) or modifying system-level configurations were present.
- [Persistence Mechanisms] (SAFE): No attempts to create cron jobs, modify shell profiles, or establish startup tasks were detected.
- [Metadata Poisoning] (SAFE): Metadata fields are descriptive and contain no hidden instructions or deceptive information.
- [Indirect Prompt Injection] (SAFE): The skill provides templates and does not ingest untrusted external data that influences high-capability tools. The attack surface is negligible.
- [Time-Delayed / Conditional Attacks] (SAFE): Logic is straightforward and contains no time-gated or environment-triggered malicious conditions.
- [Dynamic Execution] (SAFE): No use of eval(), exec(), or unsafe deserialization of untrusted data was found. Python scripts use safe loading for configuration files.
Audit Metadata