go-security-vulnerability
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the Go binary package from the official golang.org website during installation. This is a well-known and trusted source for Go development tools.
- [COMMAND_EXECUTION]: The skill guides the user through running standard Go CLI commands such as go install, go build, and go test. These commands are used as intended for security scanning and project maintenance.
- [INDIRECT_PROMPT_INJECTION]: The skill interacts with local project files to scan for vulnerabilities. While this represents an ingestion point for external data (source code and dependency lists), the risk is mitigated by the use of standard, official auditing tools.
  - Ingestion points: Local Go project source files and module definitions referenced in SKILL.md.
  - Boundary markers: None identified in the prompt templates.
  - Capability inventory: go build, go test, go install, go get as listed in SKILL.md.
  - Sanitization: None; reliance on the underlying security tools (govulncheck) for safe processing.
Audit Metadata