144-java-data-oriented-programming
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute
./mvnw compileand./mvnw clean verify. These commands run the Maven Wrapper, a standard shell script used in Java environments to manage project builds and dependencies. This execution happens within the local project context. - [EXTERNAL_DOWNLOADS]: The Maven Wrapper tool mentioned in the skill frequently downloads the required Maven distribution from official Apache repositories if it is not already cached locally. This is a standard and expected behavior for this development tool.
- [PROMPT_INJECTION]: The skill analyzes and refactors Java source code provided by the user, which presents a surface for indirect prompt injection. Malicious instructions embedded in the code comments or logic could potentially attempt to influence the agent's output.
- Ingestion points: The skill reads and processes all Java source files and project configuration files within the user's workspace.
- Boundary markers: The skill does not define specific delimiters or instructions to prevent the agent from obeying instructions that might be hidden within the processed code.
- Capability inventory: The skill is authorized to perform shell command execution via the Maven build system (
./mvnw). - Sanitization: There is no evidence of pre-processing or sanitization to strip potential injection strings from the Java files before analysis.
Audit Metadata