spring-boot
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): The skill provides example
application.ymlandapplication.propertiesfiles containing hardcoded default credentials (username: postgres,password: password). While these are common placeholders in documentation, they should be replaced with secure secrets in any operational environment. - [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs users to install the
spring-bootCLI via Homebrew and utilize thestart.spring.ioservice to bootstrap projects. These represent downloads and installations from external sources not identified on the verified trusted provider list. - [COMMAND_EXECUTION] (LOW): The documentation contains several shell commands intended for tool installation (
brew install) and project initialization (spring init).
Audit Metadata