golang-lint
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes official and trusted tools, including the Go compiler and golangci-lint, installed through the standard Homebrew package manager.
- [SAFE]: The skill configuration follows security best practices by restricting shell command execution to specific, necessary binaries (go, golangci-lint, and git) using tool scoping.
- [SAFE]: The recommended configuration in .golangci.yml proactively enables several security-centric linters, such as gosec (security scanner), bidichk (Trojan source detection), and bodyclose (HTTP resource leak detection).
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads untrusted project source code and possesses file-writing and sub-agent spawning capabilities; however, this is a standard risk for coding skills and no specific malicious patterns were detected.
  - Ingestion points: Reads project files (e.g., .go, .golangci.yml) via Read, Glob, and Grep tools.
  - Boundary markers: Absent; there are no specific markers to separate untrusted code content from agent instructions.
  - Capability inventory: Includes file modification (Write, Edit), scoped shell execution (Bash), and autonomous sub-agent creation (Agent).
  - Sanitization: Ingested source code is not sanitized or escaped before being processed by the agent or linters.
Audit Metadata