cwe-91-xml-injection
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a security remediation guide for Java developers. It includes code snippets demonstrating vulnerable and secure ways to handle XML data.
- [COMMAND_EXECUTION]: The skill includes a local grep command designed to search for string concatenation in Java files. This is a standard utility command used for static analysis and does not involve network activity or elevated privileges.
- [EXTERNAL_DOWNLOADS]: The skill contains links to the official MITRE CWE database and the author's GitHub repository for documentation purposes. No automated downloads or remote script executions are present.
Audit Metadata