voltdb-development
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs environment verification using standard commands (
docker info,java -version,mvn -version) and executes build scripts (mvn clean package,mvn verify) on the host system to manage the application lifecycle. - [EXTERNAL_DOWNLOADS]: Fetches the official
voltdb/voltdb-enterpriseDocker image and downloads standard Maven dependencies from theorg.voltdbgroup. These are legitimate vendor-controlled resources required for compiling and running the generated code. - [REMOTE_CODE_EXECUTION]: Triggers the execution of compiled Java stored procedures and client code during the integration testing phase (
mvn verify). This code runs within a local testcontainer environment and is the intended primary output of the skill. - [PROMPT_INJECTION]: The skill accepts user-provided schema definitions (table and column names) which are interpolated into code and SQL templates. This represents an indirect prompt injection surface (Category 8), but the risk is minimized by the use of rigid code templates and the skill's specific focus on database development.
Audit Metadata