502-frameworks-micronaut-rest
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to run local shell commands (
./mvnw compile,mvn clean verify) to validate project state and verify REST API improvements. These operations are standard and expected within a developer-oriented skill for Java/Micronaut environments. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests untrusted project data and has shell execution capabilities.
- Ingestion points: The skill analyzes project source code (controllers, DTOs) and OpenAPI specification files.
- Boundary markers: There are no specific delimiters or markers used to isolate untrusted code content during processing.
- Capability inventory: The skill utilizes shell command execution via the Maven wrapper (
./mvnw). - Sanitization: No explicit sanitization or filtering of the ingested source code is documented before the analysis phase.
- [SAFE]: The skill demonstrates a strong security posture by instructing developers to implement centralized error handling that avoids leaking stack traces to clients in production.
- [SAFE]: The instructions encourage the use of Jakarta Bean Validation and security annotations (
@Secured) to maintain robust security boundaries at the API layer.
Audit Metadata