golang-modernize
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network requests to well-known domains (go.dev and github.com) to retrieve Go version information, release notes, and changelogs. This is an essential function for determining the appropriate modernization path and does not involve the exfiltration of sensitive user data.
- [EXTERNAL_DOWNLOADS]: The skill suggests installing tools like govulncheck directly from the official golang.org repository managed by Google. This is a standard and safe procedure for Go developers.
- [COMMAND_EXECUTION]: The skill utilizes development-related commands such as go mod, go get, and golangci-lint to manage project configuration and analyze code. These operations are within the expected scope of a modernization tool.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it is designed to fetch and read external changelogs and documentation which are controlled by third parties.
- Ingestion points: SKILL.md (Workflow Step 8)
- external changelogs retrieved via WebFetch or WebSearch.
- Boundary markers: Absent; the skill does not explicitly define delimiters to separate fetched web content from its own instructions.
- Capability inventory: The skill possesses file writing (Edit, Write), shell access (Bash), and the ability to delegate tasks to sub-agents (Agent).
- Sanitization: No specific content sanitization or verification processes are described for the external documentation it processes.
Audit Metadata