spring-boot-scanner
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or persistence mechanisms were detected. The skill's code and instructions are transparent and consistent with its stated purpose as a developer productivity tool.
- [COMMAND_EXECUTION]: The skill utilizes a bundled Python script (`scripts/detect_patterns.py`) and standard shell utilities like `grep` to scan local project files. These operations are performed within the local project scope to detect framework annotations and do not pose a security risk.
- [EXTERNAL_DOWNLOADS]: The skill is entirely self-contained. It does not perform network requests, download external payloads, or execute code from remote sources. All logic is implemented using Python's standard library.
Audit Metadata