backend-java
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is vulnerable to indirect attacks because it ingests untrusted data from codebases and possesses high-privilege execution capabilities.
  1. Ingestion points: Reading files via Read, Glob, and Grep.
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess execution via Bash, file modification via Write and Edit.
  4. Sanitization: Absent.
- Command Execution (HIGH): The 'Bash' tool grants the agent unrestricted shell access. When combined with the intent to work on external Java/Spring projects, an attacker can embed malicious shell commands in project configuration or source files that the agent might execute during builds or tests.
Recommendations
- AI detected serious security threats