126-java-observability-logging
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions require the use of `./mvnw compile` and `mvn clean verify` to validate the Java project's state. These are standard development operations but involve executing project-local binaries.
- [PROMPT_INJECTION]: The skill analysis process is vulnerable to indirect prompt injection through the ingestion of untrusted project data.
- Ingestion points: Java source code files and Maven configuration data processed at runtime (SKILL.md, references/126-java-observability-logging.md).
- Boundary markers: Absent; the skill does not define specific delimiters or guidelines to distinguish code from malicious instructions embedded in strings or comments.
- Capability inventory: The skill utilizes shell command execution via the Maven build system (`mvn`, `./mvnw`).
- Sanitization: No sanitization or filtering is applied to the input code to prevent the agent from potentially obeying embedded commands.
Audit Metadata