java-developer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is highly susceptible to indirect prompt injection through external data ingestion.
  • Ingestion points: The skill uses Read, Grep, and Glob tools to process external files, specifically documented in the workflow: "Read the problem from leetcode_java/".
  • Boundary markers: There are no markers or delimiters defined to separate untrusted file content from the agent's instructions.
  • Capability inventory: The skill is granted high-privilege tools including Bash (system command execution) and Write/Edit (file system modification).
  • Sanitization: No sanitization, filtering, or validation logic is present to handle instructions embedded within the processed files.
  • [Command Execution] (MEDIUM): The skill explicitly allows the Bash tool and instructs the agent to run mvn compile and mvn test. While standard for Java development, these tools provide a direct path for an attacker to execute arbitrary code if the agent is successfully compromised via prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 10:36 AM