go-anti-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze external Go source code, which serves as an untrusted data source. There is a potential for indirect prompt injection if malicious instructions are embedded within the code being reviewed (e.g., in comments). The skill lacks explicit boundary markers or sanitization instructions to mitigate this risk, and it operates with high-privilege tools including Bash and file modification capabilities.
  - Ingestion points: Go source code files provided by the user for review (SKILL.md).
  - Boundary markers: None explicitly defined to isolate untrusted code from instructions.
  - Capability inventory: Read, Write, Bash, Grep, Glob, Edit, Task (SKILL.md frontmatter).
  - Sanitization: None identified for the processed source code content.