kotlin-tooling-java-to-kotlin
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The workflow in
SKILL.md(Step 3) requires the agent to executegit mvandgit commitcommands to manage file renames and preserve repository history. - [COMMAND_EXECUTION]: Verification steps in
SKILL.md(Step 4) andassets/checklist.mdinstruct the agent to attempt to compile the converted code and run existing tests, which involves executing local tools like compilers (e.g.,kotlinc) and build systems (e.g., Gradle or Maven). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external Java source files provided by the user. 1. Ingestion points: The agent reads and analyzes content from
.javafiles as part of its primary conversion process (SKILL.md). 2. Boundary markers: The prompt lacks explicit delimiters or instructions for the agent to ignore potentially malicious instructions embedded within the source files' comments or documentation. 3. Capability inventory: The agent has the capability to execute shell commands (git) and initiate code compilation and test runs (SKILL.md), which could be exploited if the source code contains malicious instructions. 4. Sanitization: The instructions do not include any steps to sanitize or validate the content of the Java files before they are processed or used in the verification phase.
Audit Metadata