golang-dependency-management
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches Go tools and packages from remote repositories.
  - Downloads `govulncheck` from `golang.org/x/vuln`, an official repository maintained by the Go team.
  - Mentions installation of `golangci-lint` from its official GitHub repository, a well-known service for Go linting.
  - References community-maintained Go tools for dependency analysis, such as `goweight`, `go-mod-outdated`, and `go-size-analyzer` (`gsa`).
  - References `go-mod-graph`, an interactive dependency explorer provided by the skill author.
- [COMMAND_EXECUTION]: Executes shell commands to manage Go modules and dependencies.
  - Uses standard `go` commands such as `go mod`, `go get`, and `go install` for dependency management and tool installation.
  - Employs `git` for version control operations to ensure `go.sum` integrity.
  - Uses `govulncheck` to perform static analysis for vulnerability detection in the dependency graph.
- [PROMPT_INJECTION]: Includes defensive instructions to govern agent behavior.
  - Mandates that the AI agent MUST ask the user for confirmation before running `go get` to add any new dependency, preventing the silent or accidental inclusion of unvetted packages.
Audit Metadata