302-frameworks-spring-boot-rest
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted Java source code and OpenAPI specifications to provide design improvements. This creates a surface for indirect prompt injection where instructions hidden in the code comments or metadata of input files could influence agent behavior.
  - Ingestion points: Java controller files, DTOs, and OpenAPI specification files (openapi.yaml) in the user project.
  - Boundary markers: Absent. No explicit delimiters are used to isolate untrusted input from the agent's instruction context.
  - Capability inventory: The agent is authorized to execute shell commands via Maven (mvn, ./mvnw) and modify local file content.
  - Sanitization: Absent. No specific validation or filtering of the input code content is described.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands within the user's project directory, specifically `./mvnw compile` and `mvn clean verify`. These are standard Maven commands for the Java development lifecycle, but they involve running build logic defined in the project's own configuration files.