Go Concurrency Web

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Go concurrency guide with minor example-quality caveats but no hidden access, install behavior, or data handling.

Install is reasonable if you want Go concurrency guidance. Treat the code snippets as patterns to adapt rather than drop-in production code, especially around context cancellation, and approve race-detector test/build commands only when running the project’s Go tests and builds is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The document emphasizes graceful shutdown and context-based exit paths (L019, L035-L036) and later explicitly labels use of context.Background() in request handling as bad because it loses cancellation (L212-L220). However, the worker implementation invokes every job with context.Background(), which actively contradicts that guidance by severing cancellation propagation for background work.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal