Back to skill

Security audit

Golang Observability

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Go observability guidance skill, with expected but privacy-sensitive telemetry examples users should adapt carefully.

Install if you want Go observability guidance. Before copying examples into production, review what data will leave your service: avoid PII and secrets in logs/traces, use route templates for metrics labels, require consent for analytics/RUM, protect pprof endpoints, and add authentication/authorization to any data export or deletion endpoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The example explicitly adds `order_id` and `user_id` as structured error attributes that are likely to be recorded into logs and tracing backends. In observability systems, these fields are often widely accessible, retained for long periods, and replicated to third-party vendors, so encouraging identifier capture without any minimization, redaction, or privacy guidance can lead to unnecessary exposure of personal or sensitive data.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.