java-vuln-scanner

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. It parses untrusted Java project files and uses the resulting report as context for the AI to perform 'Vulnerability Trigger Point Analysis'. Maliciously crafted project files could contain instructions within metadata or comments to manipulate the AI's conclusions.
      • Ingestion points: pom.xml, build.gradle, and .jar files.
      • Boundary markers: No delimiters or safety instructions are used to separate the report content from the AI's analysis instructions.
      • Capability inventory: Execution of local scripts and MCP decompilation tools.
      • Sanitization: The skill does not validate or sanitize the content of the project files before processing them for AI analysis.
  • [COMMAND_EXECUTION]: The skill workflow includes the execution of a local Python script (scripts/scan_dependencies.py) and the usage of an external MCP tool (java-decompile-mcp) to process user-provided files. This behavior is necessary for the skill's primary function but involves interacting with untrusted file system paths.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 04:35 AM