spring-boot-in-action
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [SAFE]: The skill's primary purpose is educational, helping users transition from common anti-patterns to idiomatic Spring Boot development. All instructions align with industry-standard development practices.
- [COMMAND_EXECUTION]: The skill includes a utility script, scripts/review.py, designed for local code analysis. The script performs safe, regex-based string matching on source files provided as arguments to detect configuration and coding issues such as field injection or hardcoded credentials. It does not perform network operations or unauthorized file modifications.
- [CREDENTIALS_UNSAFE]: Hardcoded credentials found in examples/before.md (e.g., 'admin', 'secret123') are explicitly documented as anti-patterns for demonstration purposes. The skill instructions and the accompanying review script specifically identify these as critical issues and provide remediation guidance to externalize them using environment variables.
Audit Metadata