springboot-security
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional, providing best practices for securing Spring Boot applications. It does not contain any executable scripts or perform any automated actions.
- [PROMPT_INJECTION]: No attempts to override system prompts or bypass safety filters were detected. The instructions are focused on software development security.
- [CREDENTIALS_UNSAFE]: The skill correctly advises against hardcoding secrets, recommending the use of environment variables and external secret management services like HashiCorp Vault. It uses safe placeholders such as ${DB_PASSWORD} and ${VAULT_TOKEN}.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns, package installations, or unauthorized network requests were found.
- [DATA_EXFILTRATION]: No sensitive data access or exfiltration patterns were identified. The network examples (CORS and Vault) use placeholder example domains.
- [OBFUSCATION]: The content is clear text and contains no encoded strings, hidden characters, or homoglyphs.
Audit Metadata