golang-master
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Go toolchain commands ('go vet', 'gofmt', 'go mod tidy', 'go test') through shell scripts to analyze project code. It includes input validation to restrict benchmark patterns and verify directory existence.
- [EXTERNAL_DOWNLOADS]: The 'go mod tidy' command downloads external modules from standard registries, which is the expected behavior for Go projects.
- [SAFE]: All documentation links target trusted organizations, including the official Go website and Uber's GitHub repository.
- [PROMPT_INJECTION]: The skill processes untrusted project source code during linting and benchmarking. While it validates script arguments, it lacks explicit boundary markers or instructions to ignore embedded prompts within the analyzed files, presenting a potential indirect prompt injection surface.
Audit Metadata