skills/developerscoffee/java-cwe-security-skills/cwe-326-inadequate-encryption-strength/Gen Agent Trust Hub
cwe-326-inadequate-encryption-strength
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary purpose is providing educational content and remediation steps for Java security vulnerabilities (CWE-326). It contains no malicious logic, obfuscation, or data exfiltration patterns.
- [COMMAND_EXECUTION]: The skill suggests standard static analysis commands using
grepto identify weak key sizes (e.g., 512 or 1024 bits) and cryptographic generator usage within local Java source files. These commands are diagnostic and do not involve remote execution or unsafe input handling. - [DATA_EXPOSURE]: No sensitive file access or credential harvesting was detected. The code snippets provided are illustrative examples of vulnerable patterns (SHA-1 usage) and educational challenges rather than functional exploits.
Audit Metadata