Back to skill

Security audit

Golang Documentation

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-focused Go skill with disclosed editing and Go tooling permissions, and no evidence of hidden installation, exfiltration, persistence, or destructive behavior.

Install this if you want help improving Go project documentation. Review generated documentation before publishing, and do not submit private code or internal docs to Go Playground, pkg.go.dev, Context7, DeepWiki, OpenDeep, zRead, or similar services unless that exposure is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The invocation guidance is broad enough to trigger on many ordinary Go documentation or review conversations, increasing the chance the skill is auto-invoked in contexts where its expansive workflow, tool access, and external-action suggestions are unnecessary. Over-broad triggering can cause unintended agent behavior, scope creep, and unnecessary use of tools or sub-agents, which raises the attack surface even if the content is not overtly malicious.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.