spring-boot-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a reference guide for enterprise Java development. It contains standard boilerplate code for REST APIs, data access, and microservices architecture.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill explicitly instructs users to avoid storing secrets in properties files and provides examples using environment variable placeholders (e.g.,
${GIT_PASSWORD},${CONFIG_PASSWORD}). - [EXTERNAL_DOWNLOADS]: The Dockerfile references
eclipse-temurin:17-jdk-alpine, which is a trusted, well-known base image from the Adoptium project. All other external URLs used in the reference guides are non-functional placeholders (e.g.,example.com,localhost). - [PROMPT_INJECTION]: The instructions are task-oriented and focused on development standards (e.g., 'MUST DO', 'MUST NOT DO'). No attempts to override safety filters or hijack agent behavior were detected.
- [COMMAND_EXECUTION]: The skill provides standard build commands (e.g.,
./mvnw install) and Docker entrypoints, which are typical for the described development workflow and do not pose a security risk in this context.
Audit Metadata