java-testing
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses an inherent vulnerability surface because it is designed to ingest and process external, untrusted Java source code while having access to sensitive tools (Bash, Write).
- Ingestion points: Reads external code files (.java) and build files (pom.xml, build.gradle) via the Read and Glob tools.
- Boundary markers: Absent. The skill does not provide instructions to the agent to ignore instructions embedded in the code it analyzes.
- Capability inventory: The skill has Bash for command execution and Write for file modification (defined in SKILL.md).
- Sanitization: None. The skill relies on the agent's default behavior when handling file content.
- [Command Execution] (MEDIUM): The Bash tool is enabled in SKILL.md. This is a high-privilege tool that can be exploited if the agent is redirected by malicious instructions found within the Java projects it is asked to test.
- [Unverifiable Dependencies] (LOW): The scripts/validate.py script depends on the PyYAML library (import yaml). While a common library, it is an external dependency that should be verified for integrity.
Recommendations
- AI detected serious security threats
Audit Metadata