golang-dependency-management

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches Go tools and packages from remote repositories.
      • Downloads govulncheck from golang.org/x/vuln, an official repository maintained by the Go team.
      • Mentions installation of golangci-lint from its official GitHub repository, a well-known service for Go linting.
      • References community-maintained Go tools for dependency analysis, such as goweight, go-mod-outdated, and go-size-analyzer (gsa).
      • References go-mod-graph, an interactive dependency explorer provided by the skill author.
  • [COMMAND_EXECUTION]: Executes shell commands to manage Go modules and dependencies.
      • Uses standard go commands such as go mod, go get, and go install for dependency management and tool installation.
      • Employs git for version control operations to ensure go.sum integrity.
      • Uses govulncheck to perform static analysis for vulnerability detection in the dependency graph.
  • [PROMPT_INJECTION]: Includes defensive instructions to govern agent behavior.
      • Mandates that the AI agent MUST ask the user for confirmation before running go get to add any new dependency, preventing the silent or accidental inclusion of unvetted packages.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 11:21 PM