golang-observability
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection.
- Ingestion points: It is designed to read and analyze source code and pull request content during coding, review, and audit modes (SKILL.md).
- Boundary markers: There are no explicit instructions for the agent to use delimiters or boundary markers to differentiate between its own instructions and untrusted content from the ingested files.
- Capability inventory: The skill has access to sensitive tools including file modification (Edit, Write) and shell execution (Bash), which could be leveraged if the agent is manipulated by instructions embedded in processed code.
- Sanitization: No specified mechanisms for sanitizing or escaping content from external data sources are described.
- [EXTERNAL_DOWNLOADS]: The skill references established open-source libraries and reputable monitoring platforms.
- It fetches configuration and alerting rules from the author's official GitHub repositories and associated documentation.
- It recommends official and well-known Go packages for OpenTelemetry, Prometheus, and Grafana.
- It integrates with verified analytics providers such as PostHog and Segment using official SDKs.
Audit Metadata