java-file-upload-audit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow involves executing shell-based search commands via ripgrep (rg) to inspect project files. It also orchestrates the use of other agent skills, specifically java-route-mapper and java-route-tracer, and invokes MCP-based tools to decompile Java class and jar files.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists due to the ingestion and processing of untrusted input.
  - Ingestion points: The skill reads and analyzes user-provided Java source code and binary files (.java, .class, .jar) to determine application logic.
  - Boundary markers: There are no instructions or delimiters provided to prevent the agent from interpreting potentially malicious instructions embedded in comments or strings within the audited code as valid operational commands.
  - Capability inventory: The agent is authorized to trigger further searches and skill calls based on the data extracted from the untrusted input.
  - Sanitization: No sanitization or validation of the input file content is performed before it is used in logic chains.
Audit Metadata