golang-lint

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill utilizes official and trusted tools, including the Go compiler and golangci-lint, installed through the standard Homebrew package manager.
  • [SAFE]: The skill configuration follows security best practices by restricting shell command execution to specific, necessary binaries (go, golangci-lint, and git) using tool scoping.
  • [SAFE]: The recommended configuration in .golangci.yml proactively enables several security-centric linters, such as gosec (security scanner), bidichk (Trojan source detection), and bodyclose (HTTP resource leak detection).
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads untrusted project source code and possesses file-writing and sub-agent spawning capabilities; however, this is a standard risk for coding skills and no specific malicious patterns were detected.
    • Ingestion points: Reads project files (e.g., .go, .golangci.yml) via Read, Glob, and Grep tools.
    • Boundary markers: Absent; there are no specific markers to separate untrusted code content from agent instructions.
    • Capability inventory: Includes file modification (Write, Edit), scoped shell execution (Bash), and autonomous sub-agent creation (Agent).
    • Sanitization: Ingested source code is not sanitized or escaped before being processed by the agent or linters.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 11:21 PM