golang-continuous-integration

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE (flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides templates that execute standard Go development tools including go test, go vet, golangci-lint, goreleaser, and the GitHub CLI (gh). These are used within the context of automated CI/CD pipelines.
  • [EXTERNAL_DOWNLOADS]: The workflow templates reference several well-known and reputable third-party GitHub Actions for specialized tasks:
      • codecov/codecov-action for coverage reporting.
      • aquasecurity/trivy-action for container vulnerability scanning.
      • securego/gosec for static analysis security testing.
      • bearer/bearer-action for data flow analysis.
      • golangci/golangci-lint-action for linting.
    These sources are well-known in the technology industry, and their use here is standard practice for DevOps automation.
  • [SAFE]: The skill includes an extensive security reference (repo-security.md) that explicitly guides users toward industry-standard security configurations, such as:
      • Setting the default GITHUB_TOKEN to read-only.
      • Enforcing branch protection rules with mandatory status checks and approvals.
      • Using OIDC for secure attestations (id-token: write).
      • Restricting fork PR workflows to prevent unauthorized resource consumption.
  • [SAFE]: Elevated permissions (e.g., contents: write, pull-requests: write) are only used where strictly necessary for automation (releases and dependency auto-merging) and are accompanied by explicit security warnings regarding actor verification and branch protection requirements.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 03:11 PM