backend-go-benchmark
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Contains instructions for system-level CPU tuning (governor settings, turbo boost) using
sudoon self-hosted runners to ensure benchmark reproducibility. These are high-privilege operations accompanied by prominent safety warnings. - Evidence:
echo performance | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governorinreferences/ci-regression.md. - [COMMAND_EXECUTION]: Recommends the
cobutility for regression gating, which usesgit resetinternally and is documented with a warning regarding data loss. - Evidence: Mention of
git resetbehavior inreferences/ci-regression.md. - [EXTERNAL_DOWNLOADS]: Recommends the installation of several community-standard third-party Go tools for performance tracking and visualization.
- Evidence: Usage of
go installforbenchdiff,cob,gobenchdata, andfgprofacross multiple reference files. - [DATA_EXFILTRATION]: Outlines workflows involving the capture of profiling data from remote services via
curland the publication of metrics to external dashboard hosting (GitHub Pages). - Evidence: Workflow descriptions in
references/pprof.mdandreferences/ci-regression.md. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and analyze output from benchmark runs and external profiling tools.
- Ingestion points: Benchmark stdout/text results and Go profile/trace binary data as described in
SKILL.mdandreferences/trace.md. - Boundary markers (absent): Processed data is not encapsulated in specific delimiters or safety wrappers before analysis.
- Capability inventory: Access to the full Go toolchain, git, curl, and various performance measurement CLIs via Bash.
- Sanitization (absent): No specific sanitization or instructions to ignore instructions embedded within the analyzed data are provided.
Audit Metadata