cwe-798-hardcoded-credentials
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a documentation-only resource providing remediation guidance for CWE-798 in Java codebases.
- [CREDENTIALS_UNSAFE]: While the skill contains strings that look like API keys and AWS secrets (e.g., 'sk-1234567890abcdef', 'AKIAIOSFODNN7EXAMPLE'), these are explicitly provided as examples of vulnerable code patterns for remediation. They utilize standard documentation placeholder values and do not constitute a credential leak.
- [COMMAND_EXECUTION]: Includes example grep commands intended for developers to use locally to identify hardcoded secrets in their Java files. These are standard search patterns and do not perform any hidden or malicious actions.
- [EXTERNAL_DOWNLOADS]: References the official MITRE CWE database and the author's GitHub repository for additional context. These are trusted and vendor-specific sources used for documentation purposes.
Audit Metadata