quarkus-full-build

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes the mvn install command with optimization flags such as -Dquickly and -T 16C. This is the core functionality intended for automated building of Quarkus projects.
  • [EXTERNAL_DOWNLOADS]: The Maven build process fetches dependencies and plugins from external registries (e.g., Maven Central). This is expected behavior for build tools and uses well-known services.
  • [PROMPT_INJECTION]: The skill processes untrusted output from the Maven build process (e.g., compiler error logs), representing an indirect prompt injection surface (Category 8). Malicious instructions could be embedded in source code to appear in logs, though the risk is minimal in this context.
      • Ingestion points: The subagent monitors Maven stdout/stderr output as defined in the skill instructions.
      • Boundary markers: No explicit delimiters or "ignore instructions" markers are used when processing logs.
      • Capability inventory: The skill has the capability to execute shell commands via Maven.
      • Sanitization: No explicit sanitization or filtering is applied to the log output before it is summarized.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 10:28 AM