skills/affaan-m/ecc/quarkus-security/Gen Agent Trust Hub

quarkus-security

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides comprehensive guidance on implementing authentication (JWT, OIDC) and authorization (@RolesAllowed) using standard Quarkus and MicroProfile Security APIs.
  • [SAFE]: Promotes secure input handling by demonstrating the use of Bean Validation (@Valid, @NotBlank, @Email) and custom validators to sanitize user-provided data.
  • [SAFE]: Correctly identifies and prevents SQL injection vulnerabilities by recommending parameterized queries with Quarkus Panache and JPA EntityManager.
  • [SAFE]: Encourages strong password security by demonstrating the use of BCrypt (BcryptUtil) for hashing.
  • [SAFE]: Demonstrates proper secrets management by utilizing environment variable placeholders (e.g., ${OIDC_SECRET}) and integrating with HashiCorp Vault rather than hardcoding credentials.
  • [SAFE]: Provides configuration templates for important security features such as CORS policies, rate limiting, and defensive security headers (CSP, HSTS, X-Frame-Options).
Audit Metadata
Risk Level: SAFE
Analyzed: May 22, 2026, 02:06 PM