leniu-api-development
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill specifies patterns for ingesting untrusted data, creating an attack surface for indirect prompt injection.
- Ingestion points: The documentation instructs the creation of controllers using
@RequestBody LeRequest<T>and@RequestParam MultipartFileto process external user data as shown inSKILL.mdandreferences/real-examples.md. - Boundary markers: The guidelines mandate the use of
@Validatedand@Validannotations for structured data validation, which provide a schema boundary but do not filter for natural language instructions. - Capability inventory: Controllers following these guidelines are capable of database modifications, file generation/export, and triggering asynchronous tasks.
- Sanitization: The validation patterns provided focus on data integrity (e.g.,
@NotNull,@NotBlank) using Jakarta Validation rather than sanitizing inputs for potential instruction injection in downstream AI processing.
Audit Metadata