golang-dependency-management

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill mandates that the AI agent must ask for user confirmation before adding new dependencies, which prevents the silent addition of unnecessary or potentially malicious external code.
  • [SAFE]: It correctly identifies and enforces the security requirement to commit go.sum files, ensuring that cryptographic checksums are used to verify the integrity of dependencies against supply-chain attacks.
  • [SAFE]: The skill promotes the use of govulncheck, an official Go security tool that uses static analysis to detect reachable vulnerabilities in the project's dependency tree.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing several community-developed CLI tools from GitHub for auditing purposes, such as psampaz/go-mod-outdated for tracking updates, jondot/goweight and nicholasgasior/gsa for binary size analysis, and the author's own samber/go-mod-graph for visualization.
  • [EXTERNAL_DOWNLOADS]: It references and uses official Go tools from the golang.org/x/ ecosystem and well-known industry tools like golangci-lint.
  • [COMMAND_EXECUTION]: The skill utilizes Bash tool execution for common Go development tasks, including module management (go mod), package installation (go get, go install), and vulnerability scanning (govulncheck).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 08:30 AM