java-style-guide
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute local Python scripts (scripts/resolve_style_guides.py and scripts/validate_trigger_matrix_sync.py) as part of its workflow. These scripts are not included in the skill package, making their logic and security posture unverifiable.
- [COMMAND_EXECUTION]: The skill encourages the execution of project-defined build commands, such as ./gradlew test and mvn test, which can execute arbitrary code defined in the target repository's build configuration.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted Java source code and build files without defined boundary markers or sanitization logic.
  - Ingestion points: Java source files (.java) and build descriptor files (pom.xml, build.gradle, build.gradle.kts) used for reviews and refactoring.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill's workflow or templates.
  - Capability inventory: The skill utilizes shell execution for Python, Gradle, and Maven, which provides a high-privilege environment for potentially malicious code embedded in processed files.
  - Sanitization: There is no evidence of input validation or content escaping for the artifacts being analyzed.
Audit Metadata