spring-boot-security-jwt
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill includes utility scripts that may download well-known, trusted tools like 'jq' using official package managers (apt-get or brew) if they are missing from the system. It also queries the well-known 'api.pwnedpasswords.com' service to help developers implement password breach checks.
- [COMMAND_EXECUTION]: Includes shell scripts designed for local developer use to generate cryptographic keys using 'openssl' and 'keytool', and to test running services via 'curl'.
- [SAFE]: The implementation provides production-ready security patterns for Spring Boot 3.5.x, including JWT blacklisting, refresh token rotation, and secure cookie configuration, adhering to modern security standards.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata