review-java
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is composed entirely of declarative YAML and Markdown documentation. It does not contain any Python, Node.js, or shell scripts that could execute logic on the host system.
- [SAFE]: No network-related commands (such as curl, wget, or fetch) or external data dependencies are present in the skill definition.
- [SAFE]: The skill does not request or access sensitive files, environment variables, or hardcoded secrets.
- [PROMPT_INJECTION]: Although the skill accepts code as input (an indirect prompt injection surface), the lack of executable capabilities ensures that any embedded instructions cannot escalate into harmful actions.
- [SAFE]: All referenced external skills and repositories belong to the verified author 'nesnilnehc', representing standard modularity rather than a security risk.
Audit Metadata