java-maven-gradle
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill instructions in SKILL.md are focused on build tool configuration and do not contain any bypass markers or instruction override attempts.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network exfiltration patterns were detected. The example configurations use public, standard libraries.
- Remote Code Execution (SAFE): While the skill allows the use of the 'Bash' tool, which is necessary for Maven and Gradle operations, it does not include any curl-to-bash patterns or downloads from untrusted sources.
- Dynamic Execution (SAFE): The validation script (scripts/validate.py) correctly uses yaml.safe_load() to process configuration files, preventing unsafe deserialization attacks.
- Indirect Prompt Injection (LOW): The skill processes project build files (pom.xml, build.gradle). While this is an ingestion surface for untrusted data, the skill is designed for this purpose and no specific exploitable chains were identified in the static analysis.