cwe-259-hardcoded-password
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a template for security remediation and does not contain any functional code that executes automatically. All provided scripts (grep) and Java examples are for developer assistance.
- [DATA_EXPOSURE]: The skill includes an example of a hardcoded password ('secretPassword123'), but it is clearly labeled as a 'Vulnerable Pattern' for educational purposes. This does not represent a leak of actual credentials or sensitive data.
- [COMMAND_EXECUTION]: Provides standard 'grep' command examples for local file searching. These are informative snippets intended for manual use by a developer and do not involve unauthorized execution or privilege escalation.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process Java source code. While this represents an attack surface where malicious comments in the code could attempt to influence the agent, the risk is considered low as the skill's purpose is restricted to identifying and replacing specific credential patterns.
Audit Metadata