eliteforge-java-service-generator
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads project templates from an external remote repository ('cn.cisdigital.generator.archtype') using Maven.
- [COMMAND_EXECUTION]: The workflow requires the agent to execute 'make install' within the generated project directory, which involves running unverified code produced by the archetype.
- [REMOTE_CODE_EXECUTION]: By combining the download of a remote template with the immediate execution of its initialization scripts, the skill creates a vector for remote code execution from an unverified external source.
- [PROMPT_INJECTION]: The generation script supports command-line arguments to override the archetype source and version. A malicious user could potentially use prompt injection to lead the agent to download and execute code from an attacker-controlled repository.
Audit Metadata