Skills
skills/xu-cell/ai-engineering-init/leniu-java-task/Gen Agent Trust Hub

leniu-java-task

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Information Exposure. The skill metadata and description contain absolute file paths referencing the author's local environment, specifically /Users/xujiajun/Developer/gongsi_proj/.... This exposes the system username ('xujiajun') and the internal project directory structure.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The provided code templates illustrate the use of external task parameters which represent an untrusted data entry point.
  • Ingestion points: Use of XxlJobHelper.getJobParam() within the cleanData method template to retrieve external configuration.
  • Boundary markers: The templates do not include delimiters or instructions to ignore potential commands embedded in the parameter strings.
  • Capability inventory: The code examples include database operations (via services), Redis interaction, and logging capabilities.
  • Sanitization: While the code demonstrates JSON deserialization using JacksonUtil, it lacks validation or sanitization of the deserialized data before it is used to control business logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 09:04 AM