Skills
skills/chainloop-dev/chainloop/upgrading-golang/Gen Agent Trust Hub

upgrading-golang

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the Atlas CLI installation script from the official well-known domain https://atlasgo.sh.
  • [REMOTE_CODE_EXECUTION]: Executes the Atlas CLI installation script by piping the downloaded content directly to the shell (curl ... | sh). This is a standard installation method for the tool.
  • [COMMAND_EXECUTION]: Executes several system commands including docker pull for official Go and Atlas images, and development tools such as make, buf, wire, and go mod tidy for verification and maintenance.
  • [PROMPT_INJECTION]: The skill uses user-provided version strings to construct shell commands and update repository files, creating a surface for indirect prompt injection.
  • Ingestion points: Target versions for Go and Atlas provided by the user in SKILL.md.
  • Boundary markers: No delimiters or "ignore embedded instructions" warnings are present around the interpolated version strings.
  • Capability inventory: File writing across the codebase (go.mod, Dockerfiles, GitHub workflows) and execution of shell commands (docker, curl, make).
  • Sanitization: No input validation or sanitization is performed on the user-provided version strings before use in shell commands or file updates.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 11:35 PM