setup-golangci-lint
Audited by Socket on Mar 2, 2026
1 alert found:
Malware
This skill organizes a comprehensive, automated process to install and configure golangci-lint and to make existing codebases pass by tuning configuration rather than changing source code. The primary technical risks are supply-chain and configuration-weakening patterns: installing binaries via curl|bash from raw.githubusercontent.com using unpinned 'latest', recommending migrate --skip-validation, and advising disabling/excluding critical security linters (gosec, errcheck, staticcheck) which can conceal real vulnerabilities. There is no direct credential exfiltration or reverse-shell code in the provided text, but the download-and-execute guidance and the systematic weakening of static checks create a meaningful security risk if followed automatically or without human review.
Recommended mitigations: avoid pipe-to-shell installs (prefer pinned releases or package-managed installs), pin versions in CI, do not use --skip-validation for migrations without manual review, and do not wholesale disable critical security linters — prefer exclusions limited to known generated/third-party files with reviewer approval.