java-dev
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [Security Standards Review] (SAFE): The 'references/security.md' file correctly identifies and provides mitigations for common vulnerabilities including SQL Injection (recommending parameter binding), XSS (recommending OWASP encoders), and CSRF (recommending Spring Security tokens).
- [Data Exposure Protection] (SAFE): The guidelines explicitly mandate data desensitization (masking) for sensitive information like phone numbers and ID cards, and prohibit the logging of sensitive data in plain text.
- [Credential Management] (SAFE): The standards prohibit the storage of passwords in plain text and recommend strong hashing algorithms like BCrypt, PBKDF2, and Argon2.
- [False Positive Analysis] (SAFE): The automated scanner alert for 'logger.info' is a false positive. The string appears in 'references/exception-logging.md' as part of an educational example of how to use SLF4J for logging business events, which is a standard and safe development practice.
- [No Code Execution] (SAFE): The skill contains only Markdown documentation and static code snippets for reference. There are no executable scripts, shell commands, or remote dependency installations.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata