backend-go-dependency-management
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation and use of several Go CLI tools from external repositories, including govulncheck (golang.org), go-mod-outdated (github.com/psampaz), goweight (github.com/jondot), and go-size-analyzer (github.com/nicholasgasior). These are standard tools for dependency auditing and binary size analysis.
- [COMMAND_EXECUTION]: The agent is authorized to execute various Go toolchain commands (go mod, go get, go list, go install) and Bash-scoped tools for linting and vulnerability checking. The skill provides clear instructions and examples for these operations.
- [SAFE]: The skill implements a security-first persona that treats dependencies as long-term commitments. It explicitly instructs the agent to verify standard library alternatives and request user approval before modifying the dependency graph. It also correctly emphasizes the importance of committing go.sum for supply-chain integrity and using govulncheck to identify reachable vulnerabilities.
Audit Metadata