go-backend-init
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements secure environment variable management by providing a template for .env.example while explicitly excluding .env files from version control via .gitignore templates.\n- [SAFE]: All templates utilize official GitHub Actions and verified Go packages from trusted organizations and well-known repositories such as Google, Uber, and the Go project itself.\n- [SAFE]: System operations performed by the skill (e.g., go mod init, go build) are standard development tasks consistent with its stated purpose of project initialization and do not perform unexpected or privileged operations.\n- [INDIRECT_PROMPT_INJECTION]: The skill ingests user-provided metadata like module paths and service names for template interpolation, which is a standard scaffolding pattern.\n
- Ingestion points: User-provided inputs for MODULE_PATH, SERVICE_NAMES, and GO_VERSION defined in SKILL.md.\n
- Boundary markers: None explicitly present in the current template definitions.\n
- Capability inventory: Filesystem writes for repo scaffolding and standard Go toolchain execution (go build, go mod, go generate) in SKILL.md.\n
- Sanitization: Relies on the platform agent's standard string interpolation; no manual sanitization logic is provided in the skill instructions.
Audit Metadata