golang-pro
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The instructions are focused on Go development best practices. There are no attempts to override system prompts or bypass safety guidelines.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or network exfiltration commands were found. The skill mentions security best practices like secret management but does not implement any risky operations.
- [Obfuscation] (SAFE): The content is clear and uses standard Markdown formatting with no hidden or encoded strings.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No remote scripts are downloaded or executed. The skill references standard Go ecosystem tools (e.g., golangci-lint, wire) as knowledge capabilities, not as executable commands.
- [Privilege Escalation] (SAFE): No commands for escalating privileges (e.g., sudo, chmod) are present.
- [Persistence Mechanisms] (SAFE): No patterns related to maintaining access across sessions, such as modifying shell profiles or cron jobs.
- [Metadata Poisoning] (SAFE): Metadata fields (name, description, author) are consistent with the skill's purpose and contain no deceptive instructions.
- [Indirect Prompt Injection] (SAFE): The skill defines behavioral traits for an AI assistant. It does not ingest or process external data via scripts, presenting a low risk for indirect injection vulnerabilities.
- [Time-Delayed / Conditional Attacks] (SAFE): No time-based or environment-based triggers for malicious actions were detected.
- [Dynamic Execution] (SAFE): No use of dynamic code execution (eval, exec) or unsafe deserialization techniques.
Audit Metadata