golang-documentation
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill's primary function is to read, document, and review Go source code and markdown files. These files are untrusted inputs that may contain malicious instructions embedded in comments or documentation strings. The skill lacks explicit instructions for the agent to utilize boundary markers or safety delimiters when processing this content. Given the skill's extensive permissions—including Bash, Agent (parallel execution), and WebFetch—this ingestion surface allows for potential manipulation of agent tasks via the codebase it analyzes.
  - Ingestion points: Go source code and project documentation files accessed via Read, Edit, Glob, and Grep tools.
  - Boundary markers: Absent. There are no instructions to wrap untrusted data in specific delimiters or to warn the model against following embedded instructions.
  - Capability inventory: Bash, Agent, WebFetch, Write, Read, Edit.
  - Sanitization: No explicit sanitization or validation of input content is mandated before it is processed by the agent or sub-agents.
Audit Metadata