java-xxe-audit

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of analyzing untrusted third-party source code and decompiled Java classes. Maliciously crafted comments or string literals within the analyzed code could potentially override agent instructions during the analysis process.
      • Ingestion points: Processes content from Java source files (*.java) and decompiled output from bytecode (.class, .jar) via file reading and search tools.
      • Boundary markers: The skill does not define explicit delimiters or use specific instructions to ensure the agent ignores embedded commands within the analyzed code segments.
      • Capability inventory: The skill possesses the ability to invoke other auditing skills (java-route-mapper, java-route-tracer) and perform decompilation via specialized MCP tools.
      • Sanitization: There is no evidence of pre-processing or filtering of the ingested code to sanitize it for potential prompt injection patterns before analysis.
  • [EXTERNAL_DOWNLOADS]: The skill provides procedures for acquiring the CFR Java decompiler tool using a dedicated MCP function.
      • Evidence: Documentation in DECOMPILE_STRATEGY.md references the use of mcp__java-decompile-mcp__download_cfr_tool for environment setup.
      • Context: This download is intended for obtaining a standard auditing utility, and the process is managed through an established MCP interface rather than direct arbitrary URL fetching.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 04:36 AM