skills/adobe/skills/code-assessment/Gen Agent Trust Hub

code-assessment

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands to perform repository analysis and verify code changes. Specifically, it runs a bash script (scripts/analyze.sh) to invoke its detection engine and uses mvn compile to ensure that applied fixes do not break the project build.
  • [DYNAMIC_EXECUTION]: The skill includes a local Java-based analysis engine that is compiled and executed at runtime. The scripts/analyze.sh script uses javac to compile the analyzer/ source package into a temporary system directory and then executes the resulting bytecode using java. This behavior is the primary intended function of the skill's detection logic.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the user's local workspace, such as Java source files and Maven pom.xml files. These files are parsed into snippets that are then interpreted by the AI agent to plan and apply remediation recipes. This attack surface is mitigated by the skill's prescriptive runbook and its focus on the developer's own local codebase.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 02:39 PM
Security Audit — agent-trust-hub — code-assessment