update-sling-parent-pom
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- Local Command Execution: The skill directs the agent to run build verification commands using Maven (e.g., mvn clean verify) via specific version aliases. This is a standard procedure in software development to ensure that dependency changes do not introduce regressions.
- Indirect Prompt Injection Surface: The skill involves reading and analyzing project-specific files such as pom.xml and Java source code to apply upgrades. This represents a security consideration as the agent processes data from the local project environment.
  - Ingestion points: The skill ingests data from local pom.xml files and Java source files during the migration process.
  - Boundary markers: There are no explicit delimiters or specific 'ignore instructions' markers defined for the data read from project files.
  - Capability inventory: The skill has the capability to execute shell commands through Maven build goals.
  - Sanitization: The skill does not implement specific sanitization or validation of the content found within the ingested project files before processing them.
Audit Metadata