java-best-practices-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill's behavior is consistent with its stated purpose of performing Java code reviews.
- [PROMPT_INJECTION]: The skill processes untrusted external data (Java source files) which presents a standard surface for indirect prompt injection.
  - Ingestion points: The skill ingests content from .java files using the Read tool.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are defined to separate ingested code from the agent's instructions.
  - Capability inventory: The skill is restricted to file system read-only tools (Read, Glob, Grep) and lacks write or execution capabilities, significantly limiting the impact of any potential injection.
  - Sanitization: No explicit sanitization or filtering of the ingested code content is performed.
- [SAFE]: All resource references (standard Java libraries and Spring Framework) are well-known and appropriate for the skill's domain. No external dependencies or remote execution patterns were found.
Audit Metadata