oidc-hosted-page-go
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to download standard Go libraries (
github.com/coreos/go-oidc/v3/oidcandgolang.org/x/oauth2) which are industry-standard packages for OIDC and OAuth2 implementations. - [COMMAND_EXECUTION]: The documentation includes standard
go getcommands for dependency management in a Go development environment. - [CREDENTIALS_UNSAFE]: The implementation uses environment variables with descriptive placeholders (e.g.,
your_client_id,your_client_secret) for sensitive configuration, correctly avoiding the use of hardcoded credentials. - [DATA_EXFILTRATION]: The skill facilitates communication with the vendor's authentication service (
auth.ssojet.com), which is the intended and necessary behavior for an OIDC integration. - [SAFE]: While the sample code implements a simplified session cookie (Base64 encoded JSON), the author explicitly includes a security warning in the 'Additional Considerations' section recommending the use of professional session management libraries like
gorilla/sessionsfor production environments.
Audit Metadata