java-repo-assessment

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill invokes established, industry-standard Maven plugins (PMD, SpotBugs, Checkstyle, JaCoCo, Dependency-Check) from Maven Central by their fully qualified coordinates, so the local pom.xml file does not have to be modified.
  • [COMMAND_EXECUTION]: The skill executes standard build and version control commands (mvn compile, git log, find, xargs, wc). These are used for their intended purpose of gathering metrics and performing static analysis within the local repository context.
  • [EXTERNAL_DOWNLOADS]: The skill downloads Maven plugins from Maven Central and the NVD database for security scanning. These are well-known, trusted sources for Java development tools.
  • [REMOTE_CODE_EXECUTION]: The skill provides an option to run architecture analysis using JBang and a provided script ArchUnitAnalysis.java. While JBang downloads dependencies at runtime, it targets specific, trusted libraries (com.tngtech.archunit, slf4j).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 05:59 AM