skills/marsolab/skills/go-lint/Snyk

go-lint

Warn

Audited by Snyk on May 11, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The setup script scripts/setup_golangci_lint.sh includes a fallback install_with_curl that fetches and executes https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh (a public GitHub raw URL), so the skill clearly downloads and runs untrusted third‑party content as part of its required setup workflow which can materially change tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The setup script calls curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh ... at runtime, which fetches and executes remote code (a required fallback installer), so this URL is a runtime external dependency that executes remote code.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 11, 2026, 04:41 PM

Issues

2

Security Audit — snyk — go-lint