leniu-java-mq

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines patterns for processing data from external message queues, establishing a vulnerability surface for indirect prompt injection.
  • Ingestion points: External data enters the system through the onMessage method in XxxMqListenerYyy which consumes MqPayload from MQ topics.
  • Boundary markers: Messages are encapsulated in a MqPayload<String> object and structured using JSON.
  • Capability inventory: The handler logic in XxxMqHandler invokes business services like xxxService.processXxx, which can perform database operations and other stateful business logic.
  • Sanitization: The implementation uses JacksonUtil for structural validation and deserialization into POJOs, but it lacks specific sanitization of string content to filter potential malicious instructions embedded in the message fields.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 09:04 AM