golang-observability
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or security vulnerabilities were identified in the instructions or referenced content.
- [SAFE]: The skill integrates with established industry services (such as Datadog, Sentry, PostHog, and Segment) and utilizes standard Go libraries (slog, OpenTelemetry, Prometheus) for observability tasks.
- [SAFE]: All external library recommendations are appropriate for the skill's purpose and correspond to the author's own repositories or recognized community standards.
- [SAFE]: The instructions include proactive security and privacy advice, such as securing profiling endpoints and ensuring GDPR/CCPA compliance when handling user event data.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to analyze project code and retrieve external web content. This surface is a known vulnerability for agents with these capabilities.
- Ingestion points: Accesses project files using Read, Glob, and Grep tools and retrieves external content via WebFetch and WebSearch.
- Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the provided guides.
- Capability inventory: The agent has file system permissions (Edit, Write) and the ability to execute development-related shell commands (go, golangci-lint, git).
- Sanitization: The skill does not describe processes for sanitizing or validating ingested data from external sources before analysis.
Audit Metadata