java-route-tracer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to read and interpret untrusted Java source code and bytecode from user-provided paths.\n
- Ingestion points: Processes Java source files (.java), class files (.class), and archives (.jar) found in the user-specified project directory.\n
- Boundary markers: The instructions do not specify wrapping ingested code in delimiters or providing instructions to ignore embedded text, which could allow instructions in comments or strings to influence agent behavior.\n
- Capability inventory: Uses TodoWrite for task management, java-decompile-mcp for code extraction, and template-based subprocess execution.\n
- Sanitization: No filtering or sanitization of the code content is performed before analysis.\n- [EXTERNAL_DOWNLOADS]: The skill instructions mention downloading the CFR Java decompiler tool via a tool call if the binary is not present on the system, which is part of the tool's core functionality.\n- [COMMAND_EXECUTION]: The skill provides Python templates that use subprocess.run to invoke external CLI tools like java-route-mapper on project directories provided by the user.
Audit Metadata