cui-java-unit-testing

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill provides templates for an AI agent to execute Maven commands and then 'inspect' the results or coverage reports. This creates a surface where malicious content within test logs or reports could attempt to influence the agent's subsequent actions.
      • Ingestion points: Maven build output, test result classes, and JaCoCo coverage reports mentioned in standards/integration-testing.md and standards/testing-junit-core.md.
      • Boundary markers: None are present in the provided task prompts to delimit the untrusted log data.
      • Capability inventory: The agent is equipped with the maven-builder tool, capable of executing lifecycle commands like clean, test, and verify.
      • Sanitization: No sanitization or validation of the log content is described before the agent 'inspects' it.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references the cuioss GitHub organization. While this organization is not on the global trusted list, the references are for documentation and source code links rather than automated package installations or piped shell executions.
  • Prompt Injection (SAFE): No instructions designed to bypass AI safety filters or override the system prompt were found. The use of 'CRITICAL' in markdown tasks is strictly instructional for build sequencing.
  • No Code Detected (NO_CODE): The skill is composed entirely of markdown documentation. No executable scripts, binaries, or configuration files that could hide malicious logic were included.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:47 PM