golang-modernize

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the project's codebase without sufficient sanitization or boundary markers.
      • Ingestion points: Reads go.mod, .modernize, and project source files using Read, Glob, and Grep tools.
      • Boundary markers: Absent; there are no instructions to the agent to treat file content as data only or to ignore embedded instructions.
      • Capability inventory: The skill has extensive capabilities including file modification (Edit, Write), command execution (Bash for go, git, and golangci-lint), and sub-agent invocation.
      • Sanitization: Absent; the skill does not define filters or validation steps for the content of the files it analyzes.
  • [SAFE]: The skill incorporates strong security recommendations, such as using os.Root to prevent path traversal and govulncheck to identify reachable vulnerabilities in dependencies.
  • [SAFE]: The skill limits its command execution environment to specific, well-known development tools (go, git, golangci-lint), reducing the risk of arbitrary system command execution.
  • [SAFE]: External resources and downloads refer to official Go project domains or the author's recognized repositories, with no evidence of typosquatting or malicious redirection.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 29, 2026, 03:12 PM