skills/giuseppe-trisciuoglio/developer-kit-claude-code/spring-ai-mcp-server-patterns/Gen Agent Trust Hub
spring-ai-mcp-server-patterns
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The DynamicToolRegistry component in SKILL.md provides a pattern for runtime tool registration, specifically identifying GROOVY_SCRIPT as a supported type, which facilitates the execution of arbitrary scripts.
- [COMMAND_EXECUTION]: The skill requires high-privilege 'Bash' permissions to facilitate project setup and execution, and provides patterns for executing logic via Spring Bean method invocation at runtime.
- [DATA_EXFILTRATION]: The examples.md file includes FileSystemTools and PostgreSqlTools patterns that allow for reading local file contents and executing SQL queries. When combined with the documented RestApiTools, this creates a viable path for sensitive data exfiltration.
- [EXTERNAL_DOWNLOADS]: The documentation provides configuration snippets for Maven and Gradle to fetch dependencies from official Spring and AI model provider repositories (OpenAI, Anthropic), which are trusted sources.
- [PROMPT_INJECTION]: The CodeReviewPrompts component in SKILL.md demonstrates an indirect prompt injection surface by interpolating raw user-provided code strings into LLM prompts using simple string replacement without sanitization.
- Ingestion points: The 'code' parameter in createJavaCodeReviewPrompt and createTestGenerationPrompt methods.
- Boundary markers: Uses markdown triple backticks (```java) as delimiters.
- Capability inventory: The skill allows file system access, network requests, and database queries through various documented components.
- Sanitization: No sanitization is implemented for the code input before interpolation into the prompt template.
Audit Metadata