java-code-reviewer

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs ./gradlew spotlessCheck and ./gradlew :instrumentation:...:test to validate code formatting and functionality. These commands are executed locally using the project's build system.
  • [EXTERNAL_DOWNLOADS]: Fetches library source jars from Maven Central (repo1.maven.org) when not available in the local Gradle cache. Maven Central is a well-known service for Java dependencies.
  • [DATA_EXFILTRATION]: Accesses the local Gradle cache at ~/.gradle/caches/modules-2/files-2.1/ to read library source files for review. This access is restricted to reading dependencies and does not involve external transmission of sensitive data.
  • [PROMPT_INJECTION]: The skill processes untrusted external code which presents an indirect prompt injection surface (Category 8). Ingestion points: local instrumentor source files and remote jars from Maven Central. Boundary markers: None. Capability inventory: Local command execution via Gradle. Sanitization: None. This risk is inherent to code review functionalities.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 11:33 AM