go-mode
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill references an `exec` tool for shell command execution. This allows the agent to run arbitrary system commands, which is a significant risk in an autonomous workflow, especially if user confirmation instructions are bypassed or if malicious commands are generated through compromised planning.
- [DATA_EXFILTRATION]: The skill implements a workflow that retrieves data from the web (using `web_search` and `web_fetch`) and has the capability to send information externally through Gmail, Telegram, and the `bird` CLI. This creates a functional pipeline for exfiltrating sensitive local data if the agent is directed to process and then transmit local information.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its autonomous 'read-then-act' nature.
  - Ingestion points: Data enters the agent context through `web_fetch`, `web_search`, and local file reads (referenced in `SKILL.md`).
  - Boundary markers: There are no explicit delimiters or specific instructions provided to the agent to disregard instructions embedded within the external data it retrieves.
  - Capability inventory: The skill can execute shell commands (`exec`), send emails (Gmail), post to social media (`bird` CLI), and modify local files.
  - Sanitization: The skill documentation lacks any description of sanitizing or validating external content before it influences the agent's planning or execution phases.
- [CREDENTIALS_UNSAFE]: The instructions explicitly mention the agent's role in 'changing permissions, credentials, or configs'. Interacting with these sensitive system resources can lead to privilege escalation or the introduction of persistent unauthorized access if the logic is exploited.
Audit Metadata