cloud-native-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [No Code] (SAFE): The skill consists entirely of Markdown documentation and does not include any executable scripts (.py, .js, .sh) or binaries.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, secrets, or sensitive file paths were detected. The skill explicitly recommends storing configuration in the environment (Factor 3), which is a security best practice.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The Java code snippets mention standard libraries like Spring Boot and Resilience4j. These are provided as design templates and are not automatically installed or executed by the skill itself.
- [Indirect Prompt Injection] (SAFE): The skill identifies a surface for indirect prompt injection as it uses tools like Read, Glob, and Grep to analyze codebases. However, this is the primary intended function of the skill and there are no automated execution sinks (e.g., eval or shell execution of read data) that pose a risk.
Audit Metadata