spring-boot-project-creator
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches project scaffolding from the well-known Spring Initializr service (https://start.spring.io).
- [COMMAND_EXECUTION]: Uses the Bash tool to execute system commands including curl, unzip, and the Maven wrapper (./mvnw) for project verification.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection where untrusted data from user responses could influence shell command execution.
- Ingestion points: User input gathered via AskUserQuestion for parameters such as Group ID, Artifact ID, and Package Name (Step 1).
- Boundary markers: No delimiters or instructions are used to prevent the agent from interpreting user-provided strings as command arguments or sub-commands.
- Capability inventory: The skill utilizes the Bash tool (Steps 2 and 9) and file modification tools (Steps 3-8).
- Sanitization: The instructions lack explicit validation or escaping mechanisms to sanitize user inputs before they are interpolated into the curl command or file paths.
Audit Metadata