golang-security

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the govulncheck tool from golang.org/x/vuln, which is an official security tool maintained by the Go team.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing gosec from github.com/securego/gosec, a widely recognized and trusted open-source security linter for Go.
  • [PROMPT_INJECTION]: The skill defines an 'Audit mode' that ingests project code for security review, creating a surface for indirect prompt injection (Category 8). Evidence:
      1. Ingestion points: Code files accessed via Read, Glob, and Grep tools.
      2. Boundary markers: Not explicitly defined for the audited content.
      3. Capability inventory: Access to Bash (restricted to Go-related commands), Write, and Agent tools.
      4. Sanitization: Not present for processed source code.
    This is an inherent risk of auditing tools and is handled safely here.
  • [CREDENTIALS_UNSAFE]: References to secrets and keys in the documentation (e.g., AKIA..., mysecretkey) are used strictly as examples or placeholders for developer education and do not contain live or sensitive credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 03:12 PM