quarkus-verification

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill serves as a guide for Quarkus application lifecycle management, promoting security best practices like automated testing, static analysis, and dependency auditing.
  • [COMMAND_EXECUTION]: The skill utilizes standard development tools such as Maven, Gradle, Docker, and K6 to perform project verification tasks within the user's local environment. These operations are restricted to the context of the project being verified.
  • [EXTERNAL_DOWNLOADS]: The skill references well-known and trusted external resources, including official GitHub Actions (actions/checkout, actions/setup-java, actions/cache) and the official OWASP ZAP Docker image (owasp/zap2docker-stable) for security testing. These sources are considered safe within the development and CI/CD context.
  • [REMOTE_CODE_EXECUTION]: An automated scan flagged a curl command targeting http://localhost:8080/q/openapi. Technical analysis confirms this command is used solely to download the OpenAPI specification from the local running service for documentation and does not include any execution of the downloaded content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 02:19 AM