go-practice
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the agent's environment to execute shell commands including
go test,go run, andgofmt. These commands are used to verify exercise correctness and review user solutions, which involves executing Go code that could contain arbitrary logic. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the
learning-log.mdfile and user-provided code solutions to adapt its instructional behavior. - Ingestion points: The agent reads the
learning-log.mdfile (Step 4) and user solutions (Step 9) from the local repository/home/laborant/repos/go-practice. - Boundary markers: No boundary markers or specific instructions to ignore embedded commands within these files are provided.
- Capability inventory: The skill can execute shell commands (
go,git), write to the filesystem, and perform git operations. - Sanitization: No sanitization or validation of the ingested content is performed before it is used to influence the agent's prompts and decisions.
Audit Metadata