spring-boot-actuator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains standard instructional language and configuration patterns. No attempts to override system prompts or bypass safety filters were identified.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file paths were found. While the documentation contains example passwords like "secret", these are used as placeholders in configuration templates. The skill explicitly warns against exposing sensitive endpoints like /env or /heapdump in production environments.
- [Obfuscation] (SAFE): No base64, zero-width characters, or other obfuscation techniques were detected in the source files.
- [Unverifiable Dependencies] (SAFE): The skill references standard, trusted industry components such as the official Spring Boot Actuator and Micrometer libraries. No suspicious external script downloads or piped remote execution patterns were found.
- [Indirect Prompt Injection] (SAFE): The skill does not possess an attack surface for indirect prompt injection as it does not ingest or interpolate untrusted external data into agent prompts. It functions primarily as a static reference for developers.
Audit Metadata