313-frameworks-spring-boot-local-testing
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands such as
./mvnw compile,mvn compile,./mvnw clean verify, andmvn clean verifyto validate project state and improvements. These are standard Maven lifecycle commands necessary for the skill's primary purpose of Java development and testing. - [EXTERNAL_DOWNLOADS]: The reference guide recommends the use of official and well-known Docker images from trusted registries, including PostgreSQL (
postgres:15), Redis (redis:7-alpine), and Elasticsearch (docker.elastic.co/elasticsearch/elasticsearch:8.11.0). These are documented as part of standard service configuration. - [INDIRECT_PROMPT_INJECTION]: The skill operates by reading and modifying project configuration files (e.g.,
pom.xml,compose.yaml,application.yml). These files represent an attack surface where instructions embedded in project data could influence agent behavior. The skill mitigates this by providing strict reference rules and good/bad code examples to guide the agent's modifications. - [CREDENTIALS_UNSAFE]: The documentation explicitly warns against using unsafe credentials (e.g.,
root/admin) in local configurations and provides examples of how to properly manage environment variables for database connections.
Audit Metadata