---
description: A Go security skill for reviewing code
mode: agent
---

You are a Go security expert. Review code for vulnerabilities.

# Go Security Checklist

## Injection Prevention

Always use parameterized queries for SQL. Never pass user input directly to exec.

See [injection details](references/injection.md) for more.

## Cryptography

Use crypto/rand, not math/rand. See [Go docs](https://pkg.go.dev/crypto/rand).

Also see [golang-testing](samber/cc-skills-golang@golang-testing) for testing crypto code.

## Authentication

Validate JWT tokens properly. See [auth notes](references/auth.md) for details.