create-spring-boot-kotlin-project

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches a project skeleton from the official Spring Initializr service (https://start.spring.io). This is a well-known and trusted service in the Java development community.
  • [COMMAND_EXECUTION]: Executes several shell commands, including java, curl, unzip, and rm, to set up the environment. It also runs ./gradlew clean test, which executes the Gradle wrapper script shipped inside the downloaded archive; that script in turn runs the wrapper jar and the Gradle distribution named in the archive's gradle-wrapper.properties, so code from the download runs with the user's privileges.
  • [PROMPT_INJECTION]: The skill interpolates user-provided input (projectName) directly into the shell commands for directory creation and unzipping. Because the value is spliced into the command text unquoted and unvalidated, a name chosen by an attacker, or copied by the agent from untrusted content (the indirect prompt-injection case), can change the command itself, so this is a shell command-injection surface as well.
  • Ingestion points: The ${input:projectName} variable is used in file path arguments for the unzip command.
  • Boundary markers: No delimiters or protective instructions are used around the interpolated variable to prevent command modification.
  • Capability inventory: The skill possesses the capability to modify the filesystem and execute scripts in the project directory.
  • Sanitization: No explicit validation or escaping of the projectName input is performed prior to its use in shell commands.
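The interpolation the audit flags, as an added example that is not the skill's own code (the page does not reproduce the skill's actual command text): a constructed hostile projectName shows how a value spliced into command text becomes a second command, and a conservative allow-list check plus quoting and `--` closes the hole. The function names validate_project_name, unsafe_mkdir, safe_mkdir and demo are this example's own.

```shell
#!/bin/sh
# Added example, not the skill's own code. Demonstrates the hazard the audit
# describes (projectName spliced unvalidated into mkdir/unzip) and one fix.

# Allow-list check for a directory name: letters, digits, '.', '_' and '-',
# starting with a letter or digit, at most 64 characters. This rejects '',
# '.', '..', anything containing '/', whitespace, ';', '$(' or '`', and a
# leading '-' (which mkdir would otherwise parse as an option).
validate_project_name() {
  case "$1" in
    '')                  return 1 ;;
    *[!A-Za-z0-9._-]*)   return 1 ;;
    [!A-Za-z0-9]*)       return 1 ;;
  esac
  [ "${#1}" -le 64 ]
}

# The pattern the audit flags: the value becomes part of the command text, so
# 'x; echo INJECTED' runs mkdir and then a second command of the caller's choice.
# Kept only to demonstrate the failure; never do this with untrusted input.
unsafe_mkdir() {
  eval "mkdir -p $1"
}

# Hardened form: validate first, then pass the name as one quoted argument
# after '--' so it can never be read as shell syntax or as an option.
safe_mkdir() {
  if ! validate_project_name "$1"; then
    printf 'refusing unsafe projectName: %s\n' "$1" >&2
    return 1
  fi
  mkdir -p -- "$1"
}

# Runs both variants on a constructed hostile name inside a scratch directory.
# Returns 0 when the unsafe path demonstrably executed the injected command and
# the hardened path refused the name.
demo() {
  scratch=$(mktemp -d) || return 1
  hostile='x; echo INJECTED'
  unsafe_out=$(cd "$scratch" && unsafe_mkdir "$hostile")
  if (cd "$scratch" && safe_mkdir "$hostile" 2>/dev/null); then
    safe_refused=no
  else
    safe_refused=yes
  fi
  rm -rf "$scratch"
  printf 'unsafe path printed: %s\nhardened path refused: %s\n' \
    "$unsafe_out" "$safe_refused"
  [ "$unsafe_out" = INJECTED ] && [ "$safe_refused" = yes ]
}

demo
```

The same check applies to the `unzip ... -d "$projectName"` step: validate once, then quote the variable at every use. Quoting alone is not sufficient, because a quoted `../..` or `-rf` still reaches the command as a path or option; the allow list is what removes those cases.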
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 05:25 AM