go-test
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill constructs shell commands, such as 'go test -run {TestName}', using user-provided strings for file paths and function names. Without explicit instructions for input sanitization, this creates a potential surface for command injection if the agent executes strings containing shell metacharacters.
- [Indirect Prompt Injection] (LOW): The skill reads and analyzes local Go source files to generate test templates, which could be exploited by malicious code comments.
  1. Ingestion points: Reads local Go source files (SKILL.md Step 2).
  2. Boundary markers: Absent.
  3. Capability inventory: Execution of 'go test', 'uname', 'awk', and 'sed' via the terminal.
  4. Sanitization: Absent. Maliciously crafted source files could attempt to influence the agent's logic during the analysis phase.