springboot-verification
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the execution of standard software development and build commands (e.g., `mvn`, `./gradlew`, `git`, `grep`) to perform lifecycle tasks such as compilation, testing, and reporting.
- [PROMPT_INJECTION]: A potential surface for indirect prompt injection exists as the skill processes local source code (`src/` directory) which is untrusted external data. Maliciously crafted comments or strings in the code being analyzed could theoretically attempt to influence the agent's subsequent analysis steps.
  - Ingestion points: Reads project source files via `grep` and build tool plugins.
  - Boundary markers: No explicit instructions are provided to the agent to ignore instructions embedded within the code being scanned.
  - Capability inventory: Ability to execute shell commands and file system operations via Maven/Gradle.
  - Sanitization: No specific sanitization or filtering of the source code content is performed before processing.
- [SAFE]: The skill incorporates proactive security measures, such as automated CVE scanning and manual grep-based searches for hardcoded secrets and insecure coding patterns (e.g., wildcard CORS configurations and leakage of exception messages).
Audit Metadata