minecraft-bukkit-pro
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill design relies on ingesting untrusted external data, which is a common vulnerability surface.
- Ingestion points: Instructions explicitly state to 'Always leverage WebSearch and WebFetch' and to 'Examine build configuration' (which may be user-provided or from remote repositories).
- Boundary markers: The skill does not define delimiters (e.g., XML tags or triple quotes) or provide 'ignore embedded instructions' warnings for content retrieved from external sources.
- Capability inventory: The agent is authorized to generate complex Java code, configure build systems (Maven/Gradle), and define database connection logic (HikariCP).
- Sanitization: There are no instructions to sanitize, escape, or validate the content retrieved from the web or project files before use.
- Dynamic Execution (SAFE): The skill mentions 'Reflection patterns' and 'NMS internals'. While these involve dynamic code concepts, they are standard requirements for advanced Minecraft plugin development and are presented as domain expertise rather than malicious execution patterns.
Audit Metadata