Security defaults that belong in every Go HTTP server from day one — CORS, security headers, rate limiting, SQL injection prevention, input validation, secrets management, graceful shutdown, and request timeouts.
89
83%
Does it follow best practices?
Impact
99%
1.32x average score across 5 eval scenarios
Passed
No known issues
{
"instruction": "Load all secrets from environment variables, never hardcode them in source",
"relevant_when": "Agent creates or modifies a Go HTTP server that uses database connections, JWT secrets, API keys, or any credentials",
"context": "Never hardcode passwords, API keys, JWT secrets, or database connection strings in Go source code. Always use os.Getenv to read secrets from environment variables. Fail fast at startup if required secrets are missing. Use a .env file for local development with .env in .gitignore.",
"sources": [
{
"type": "file",
"filename": "skills/go-security-basics/SKILL.md",
"tile": "tessl-labs/go-security-basics@0.2.0"
}
],
"checklist": [
{
"name": "secrets-from-env",
"rule": "Agent reads database URLs, JWT secrets, API keys, and other credentials from environment variables using os.Getenv rather than hardcoding them in source code",
"relevant_when": "Agent creates or modifies a Go application that uses secrets"
},
{
"name": "fail-fast-missing-secrets",
"rule": "Agent validates that required environment variables are set at startup and exits with a clear error message if any are missing",
"relevant_when": "Agent creates a Go application that requires environment variables"
}
]
}
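The instruction above asks for three things at once: read secrets with os.Getenv, refuse to start when a required variable is absent, and support a .env file for local development. The following is an added example written for this page, not code from the tessl-labs/go-security-basics skill itself. The variable names DATABASE_URL, JWT_SECRET and PORT, the Config struct and the helper names are assumptions chosen for illustration. The .env parser is hand-written so the example has no third-party dependency; in a real project a library such as godotenv is a common alternative. It goes slightly beyond the text by collecting every missing variable into one error and by letting the real environment override the .env file, so a stray developer file can never shadow deployment settings.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"log"
	"os"
	"sort"
	"strings"
)

// Config holds the server's secrets and settings. Only PORT has a fallback;
// a secret never gets a default value.
type Config struct {
	DatabaseURL string
	JWTSecret   string
	Port        string
}

// requiredVars lists the variables that must be set (names are hypothetical).
var requiredVars = []string{"DATABASE_URL", "JWT_SECRET"}

// loadConfig builds a Config from a lookup function (os.Getenv in production,
// a map in tests). Every missing variable is collected before returning so the
// operator sees the whole list in one error instead of one per restart.
func loadConfig(getenv func(string) string) (Config, error) {
	var missing []string
	for _, name := range requiredVars {
		if strings.TrimSpace(getenv(name)) == "" {
			missing = append(missing, name)
		}
	}
	if len(missing) > 0 {
		sort.Strings(missing)
		return Config{}, fmt.Errorf("missing required environment variables: %s", strings.Join(missing, ", "))
	}
	cfg := Config{DatabaseURL: getenv("DATABASE_URL"), JWTSecret: getenv("JWT_SECRET"), Port: getenv("PORT")}
	if cfg.Port == "" {
		cfg.Port = "8080"
	}
	return cfg, nil
}

// parseDotEnv reads KEY=VALUE lines. Blank lines and '#' comments are skipped,
// an optional "export " prefix and matching surrounding quotes are stripped,
// and a line without '=' is an error so a typo in .env fails loudly.
func parseDotEnv(r io.Reader) (map[string]string, error) {
	vars := make(map[string]string)
	sc := bufio.NewScanner(r)
	for lineNo := 1; sc.Scan(); lineNo++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		key, value, ok := strings.Cut(strings.TrimPrefix(line, "export "), "=")
		if !ok {
			return nil, fmt.Errorf(".env line %d: expected KEY=VALUE", lineNo)
		}
		key, value = strings.TrimSpace(key), strings.TrimSpace(value)
		if key == "" {
			return nil, fmt.Errorf(".env line %d: empty key", lineNo)
		}
		if n := len(value); n >= 2 && (value[0] == '"' || value[0] == '\'') && value[n-1] == value[0] {
			value = value[1 : n-1]
		}
		vars[key] = value
	}
	return vars, sc.Err()
}

// applyDotEnv loads the file if it exists and sets each variable only when the
// real environment does not already define it, so deployment settings win.
// A missing file is not an error: production has no .env at all.
func applyDotEnv(path string) error {
	f, err := os.Open(path)
	if errors.Is(err, os.ErrNotExist) {
		return nil
	}
	if err != nil {
		return err
	}
	defer f.Close()
	vars, err := parseDotEnv(f)
	if err != nil {
		return err
	}
	for k, v := range vars {
		if _, set := os.LookupEnv(k); !set {
			if err := os.Setenv(k, v); err != nil {
				return err
			}
		}
	}
	return nil
}

func main() {
	if err := applyDotEnv(".env"); err != nil {
		log.Fatalf("loading .env: %v", err)
	}
	cfg, err := loadConfig(os.Getenv)
	if err != nil {
		log.Fatalf("config: %v", err) // fail fast: no server beats a server with an empty JWT secret
	}
	// Log only non-secret facts; never echo the secret values themselves.
	log.Printf("listening on :%s (jwt secret length %d)", cfg.Port, len(cfg.JWTSecret))
}
```

Run it once with no variables set and it exits with "missing required environment variables: DATABASE_URL, JWT_SECRET"; add a .env containing those two keys (and keep .env in .gitignore) and it starts. Note that the startup log reports only the length of the JWT secret, which is enough to confirm it loaded without writing the secret to the log.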