Skills
skills/vchirrav/product-security-ai-skills/sast-gosec/Gen Agent Trust Hub

sast-gosec

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill directs the agent to install gosec via go install github.com/securego/gosec/v2/cmd/gosec@latest. This is an external dependency from a source not on the explicit trusted whitelist.
  • COMMAND_EXECUTION (LOW): The skill requires the execution of bash commands to run security scans, which is its primary function.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) when processing untrusted code. 1. Ingestion points: The agent reads gosec-results.json generated from scanned code. 2. Boundary markers: Absent. 3. Capability inventory: Shell execution. 4. Sanitization: No sanitization is performed on the tool output before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:43 PM