backend-go-observability
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill includes 'Audit' and 'Review' modes that ingest and analyze external codebases, creating a surface for indirect prompt injection. Malicious instructions placed in the comments or metadata of the files being audited could potentially influence the agent's behavior during analysis.
  - Ingestion points: The agent reads existing codebase content in the project directory during audit and review workflows (referenced in SKILL.md).
  - Boundary markers: There are no explicit instructions or delimiters defined to isolate untrusted code content or to warn the agent to ignore instructions embedded within that data.
  - Capability inventory: The agent has access to sensitive tools including Write, Edit, and Bash (for Go and Git operations), which increases the potential impact of a successful injection.
  - Sanitization: No sanitization or filtering of the code content is performed before processing.
- [EXTERNAL_DOWNLOADS]: The skill recommends the use of configuration and assets from well-known community sources and vendor-specific repositories.
  - Grafana Dashboards: Recommends importing community-maintained dashboards (IDs 21221, 6671, 10826) from Grafana's official dashboard registry.
  - Prometheus Alerts: References the 'awesome-prometheus-alerts' repository for standard infrastructure alerting rules.
  - Internal Libraries: Directs users to the vendor's internal logging library 'prep-go-log' located at gitlab.testsprep.online.
Audit Metadata