Skills
skills/partme-ai/full-stack-skills/spring-ai-alibaba/Gen Agent Trust Hub

spring-ai-alibaba

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection within the provided Java code examples.\n
  • Ingestion points: External input is ingested via variables like message, style, and question in SKILL.md.\n
  • Boundary markers: Prompt templates in the examples do not use delimiters or instructions to isolate user input from system instructions.\n
  • Capability inventory: The code interacts with the Alibaba DashScope API to perform model operations.\n
  • Sanitization: Examples do not include sanitization or validation of the ingested strings before they are sent to the AI model.\n- [EXTERNAL_DOWNLOADS]: References official Maven and Gradle dependencies from com.alibaba.cloud.ai, which is the official repository for Alibaba Cloud's AI starter libraries.\n- [CREDENTIALS_UNSAFE]: Demonstrates secure credential handling by using environment variable placeholders (${DASHSCOPE_API_KEY}) for API keys, avoiding hardcoded secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 07:33 AM