spring-ai
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (INFO): Analysis of the skill body confirms it is purely educational and instructional. It contains no executable scripts, obfuscated payloads, or malicious commands.
- [CREDENTIALS_UNSAFE] (INFO): The skill follows security best practices by using environment variable placeholders (e.g.,
${OPENAI_API_KEY}) in its configuration examples instead of hardcoding secrets. - [EXTERNAL_DOWNLOADS] (INFO): The dependency definitions (Maven/Gradle) point to legitimate Spring AI artifacts. No suspicious third-party repositories or direct binary download links were found.
- [PROMPT_INJECTION] (INFO): The instructions are focused on guiding the developer on using the Spring AI API. No attempts to override agent behavior or bypass system instructions were identified.
- [INDIRECT_PROMPT_INJECTION] (INFO): While the code templates handle user-provided strings (a common surface for indirect injection in the final application), the skill itself does not ingest untrusted external data during its operation as an AI agent resource.
Audit Metadata