golang-how-to
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill manages the loading of task-specific Go skills from the author's repository (samber/cc-skills-golang). This is a functional orchestration design and does not involve unauthorized code execution.
- [COMMAND_EXECUTION]: Shell access is strictly limited to the git command suite via the allowed-tools configuration, preventing arbitrary command execution.
- [SAFE]: The 'Configure' mode modifies project-level agent configuration files (e.g., CLAUDE.md, AGENTS.md). This feature follows security best practices by using AskUserQuestion for user consent, performing idempotency checks, and utilizing structured editing tools instead of raw shell scripts.
- [PROMPT_INJECTION]: While the skill ingests project configuration files which could technically serve as an indirect injection surface, the risk is mitigated by the requirement for user confirmation before any automated configuration changes are applied and the limited scope of the orchestration logic.
Audit Metadata