Skills
skills/bitsoex/bitso-java/upgrade-java-25/Gen Agent Trust Hub

upgrade-java-25

Fail

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The file references/preparation.md contains a command that uses sudo to execute keytool. This command is used to modify the system-wide Java certificate truststore (cacerts) at $JAVA_HOME/lib/security/cacerts. Using administrative privileges to alter the root of trust for the Java environment is a high-risk operation.
  • [CREDENTIALS_UNSAFE]: In references/preparation.md, the certificate import command hardcodes the default keystore password changeit. While this is the standard default for Java truststores, including it in automation or documentation is an insecure practice.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of external executable binaries, including the Java Development Kit via sdkman and specific versions of the Gradle build system via the Gradle wrapper. These downloads are from well-known services and are expected as part of the Java upgrade workflow.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 2, 2026, 05:49 PM