Skills
skills/marsolab/skills/go-dev/Gen Agent Trust Hub

go-dev

Fail

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/setup_golangci_lint.sh downloads and executes a shell script directly from a remote URL by piping it into a shell. Evidence: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin in scripts/setup_golangci_lint.sh.
  • [EXTERNAL_DOWNLOADS]: Fetches the official installation script from the golangci-lint GitHub repository. Evidence: URL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh in scripts/setup_golangci_lint.sh.
  • [COMMAND_EXECUTION]: The setup script executes various system-level commands with administrative privileges and modifies the project's development environment. Evidence: 1. Uses sudo to install packages via system package managers (apt, dnf, yum, pacman) in scripts/setup_golangci_lint.sh. 2. Modifies the project Makefile to inject linting targets. 3. Creates a .git/hooks/pre-commit file to ensure the linter runs automatically before every code commit.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 11, 2026, 04:41 PM