java-auth-audit

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Flagged category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data in the form of Java source code, JAR/class files, and configuration metadata (such as web.xml and shiro.ini). This creates an indirect prompt injection surface where malicious instructions could be embedded within the analyzed content (e.g., in comments or string literals) to influence the agent's analysis or reporting.
      • Ingestion points: Processes user-provided directory paths, source files, and compiled binary artifacts.
      • Boundary markers: The instructions lack explicit requirements for using delimiters or 'ignore embedded instructions' warnings when processing raw file content.
      • Capability inventory: Utilizes file system read/write operations and sub-processes through MCP tools for decompilation tasks.
      • Sanitization: No specific sanitization or escaping procedures are defined for the ingested code content before it is included in the final audit reports.
  • [EXTERNAL_DOWNLOADS]: The skill references a capability to download the 'CFR' Java decompiler via an MCP tool (mcp__java-decompile-mcp__download_cfr_tool). This is a well-known, standard technology tool used for the skill's primary purpose of security auditing.
  • [CREDENTIALS_UNSAFE]: The reference documentation contains common hardcoded secrets (e.g., default Shiro keys like 'kPH+bIxk5D2deZiIxcaaaA==') and example placeholders. These are correctly identified as audit targets for detection purposes rather than secrets belonging to the skill itself.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 04:35 AM