Skills
skills/samber/cc-skills-golang/golang-pkg-go-dev/Gen Agent Trust Hub

golang-pkg-go-dev

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the godig CLI tool using go install github.com/samber/godig/cmd/godig@latest. This is a tool provided by the skill author to facilitate the skill's primary functionality.
  • [COMMAND_EXECUTION]: The skill relies on the godig command to interact with the pkg.go.dev API and suggests configuring MCP servers via shell commands.
  • [PROMPT_INJECTION]: The skill processes and renders package documentation, README files, and symbol information from the external pkg.go.dev service into the agent context.
  • Ingestion points: Documentation and metadata are fetched from pkg.go.dev via godig subcommands such as package doc and module readme (defined in SKILL.md).
  • Boundary markers: The instructions do not specify the use of delimiters or warnings when presenting this external, untrusted content to the agent.
  • Capability inventory: The agent has capabilities to read, write, and execute various bash commands (Bash(go:*), etc.) as defined in the skill's frontmatter.
  • Sanitization: There is no mention of sanitization or filtering of the fetched documentation before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 11:43 AM
Security Audit — agent-trust-hub — golang-pkg-go-dev