dto-creator

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and process information from existing project entities to generate DTO source code.
      • Ingestion points: Entity details (fields, types, and validations) are retrieved via the get_entity_details tool as described in Step 2 of the SKILL.md workflow.
      • Boundary markers: The skill does not utilize specific delimiters or instructions to ignore potential commands embedded within the entity metadata during the interpolation process.
      • Capability inventory: The skill performs file-system operations using the Write and Edit tools as part of the generation steps in SKILL.md.
      • Sanitization: No explicit sanitization or validation of the content of entity fields (such as names or annotation parameters) was identified before they are incorporated into the generated Java or Kotlin source code.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 08:42 AM