sast-spotbugs
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk attack surface by processing untrusted external content while having command execution capabilities.
  - Ingestion points: The agent reads Java project files and the generated `spotbugs-results.xml` (SKILL.md, Instructions Step 1 and 3).
  - Boundary markers: Absent. There are no instructions to the agent to ignore or delimit embedded natural language instructions found within the source code or report XML.
  - Capability inventory: The skill uses `mvn spotbugs:check` and `spotbugs` CLI, which are powerful command execution tools capable of running arbitrary code if the environment or project is misconfigured.
  - Sanitization: Absent. The agent is instructed to 'Read the XML output and present findings' without validation or escaping of the content.
- [External Downloads] (MEDIUM): The skill encourages downloading and executing external plugins at runtime.
  - Evidence: `mvn spotbugs:check -Dspotbugs.plugins=com.h3xstream.findsecbugs:findsecbugs-plugin:LATEST` (SKILL.md, Instruction 2).
  - Risk: Use of the `:LATEST` tag is a security anti-pattern that allows for non-deterministic builds and makes the agent vulnerable to supply chain attacks if the plugin repository is compromised.
- [Command Execution] (LOW): The skill relies on executing system-level commands (`mvn`, `spotbugs`) which is necessary for its function but increases the overall risk profile when combined with untrusted project inputs.
Recommendations
- AI detected serious security threats
Audit Metadata