backend-go-cli
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill documentation and example assets follow industry best practices for Go CLI development, including proper error handling, configuration management, and I/O patterns.
- [EXTERNAL_DOWNLOADS]: The skill references several well-known and trusted Go libraries such as github.com/spf13/cobra, github.com/spf13/viper, and github.com/fatih/color. These are standard dependencies in the Go ecosystem and do not pose an unusual security risk.
- [INDIRECT_PROMPT_INJECTION]: As a development tool for reviewing and extending code, the skill naturally ingests untrusted content from the user's project files. This creates an attack surface for indirect prompt injection where malicious instructions hidden in code comments could attempt to influence the agent.
- Ingestion points: User-provided Go source files and configuration files (e.g., .myapp.yaml) accessed via Read, Glob, and Grep tools.
- Boundary markers: Absent. The skill does not provide specific instructions to the agent to distinguish between its core instructions and data found in user files.
- Capability inventory: The skill allows file system modifications (Edit, Write) and shell command execution using the Go toolchain (go, git, golangci-lint).
- Sanitization: None detected. The agent processes the file content as raw text.
Audit Metadata