spring-boot-verify
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to perform static analysis on build and configuration files using benign tools like Grep and Glob. No unauthorized network access or suspicious command execution patterns were detected.
- [DATA_EXPOSURE]: The skill includes rules to detect hardcoded secrets and insecure management configurations within user projects. This is a security-enhancing feature and does not exfiltrate data.
- [PROMPT_INJECTION]: The skill ingests untrusted data from project files (pom.xml, build.gradle, application.yml). While this presents an indirect prompt injection surface, the risk is negligible as the agent lacks dangerous execution capabilities like direct shell access or eval.
Audit Metadata