kotlin-springboot-hexagonal
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill defines a process for scaffolding code and executing build commands based on untrusted user input such as feature names and entity fields.
- Ingestion points: User-provided feature names, operations, and entity fields as described in agents/feature-scaffold.md.
- Boundary markers: No explicit delimiters or instructions to ignore embedded content are present in the generation templates.
- Capability inventory: The skill allows for writing files to the local file system and executing the ./gradlew build command via the feature-scaffold agent.
- Sanitization: No mention of sanitization or validation of user-provided strings before they are used in code generation or command execution.
- [COMMAND_EXECUTION]: The agents/feature-scaffold.md file instructs the agent to run ./gradlew build to verify compilation of generated code. While this is a standard developer workflow, it constitutes local command execution.
Audit Metadata