Name: Fix Gosec Bug From Issue
Author: securego

name	Fix Gosec Bug From Issue
description	Analyze, reproduce, and fix a gosec bug reported in a GitHub issue with a confirmation-gated workflow.

Fix a gosec bug from a GitHub issue

Use this skill when you want to fix a bug described in a GitHub issue.

Provide at least:

Optional but useful:

Review the GitHub issue thoroughly and extract the problem statement, reproduction hints, expected behavior, and actual behavior.
Try to reproduce the issue against the current master version of gosec.
Analyze the codebase and isolate the root cause.
Produce a detailed, minimal fix plan and stop. Ask for confirmation before changing code.

After confirmation, implement end-to-end:

Keep the fix small and isolated to the issue scope.
Follow good design principles and idiomatic Go.
Add tests for both positive and negative cases.
When a code sample is appropriate, add or update a sample in testutils/ in the relevant rule sample file.
Validate the result:
- Build succeeds
- Relevant tests pass
- golangci-lint has no warnings in changed code
- gosec CLI run on a sample confirms the issue is fixed

First response must only contain:
- Reproduction status on master (or clear blocker)
- Root cause analysis
- Detailed fix plan
- Confirmation request
Do not implement any code changes until confirmation is provided.

name	Fix Gosec Bug From Issue
description	Analyze, reproduce, and fix a gosec bug reported in a GitHub issue with a confirmation-gated workflow.

Use this skill when you want to fix a bug described in a GitHub issue.

Provide at least:

Optional but useful:

Review the GitHub issue thoroughly and extract the problem statement, reproduction hints, expected behavior, and actual behavior.
Try to reproduce the issue against the current master version of gosec.
Analyze the codebase and isolate the root cause.
Produce a detailed, minimal fix plan and stop. Ask for confirmation before changing code.

After confirmation, implement end-to-end:

Keep the fix small and isolated to the issue scope.
Follow good design principles and idiomatic Go.
Add tests for both positive and negative cases.
When a code sample is appropriate, add or update a sample in testutils/ in the relevant rule sample file.
Validate the result:
- Build succeeds
- Relevant tests pass
- golangci-lint has no warnings in changed code
- gosec CLI run on a sample confirms the issue is fixed

First response must only contain:
- Reproduction status on master (or clear blocker)
- Root cause analysis
- Detailed fix plan
- Confirmation request
Do not implement any code changes until confirmation is provided.

fix-gosec-bug-from-issue