Skills
skills/cloudsen/eliteforge-skills/eliteforge-java-service-generator/Gen Agent Trust Hub

eliteforge-java-service-generator

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell command execution to scaffold and initialize Java projects.
  • The file scripts/generate.py invokes mvn archetype:generate using subprocess.run(). This is implemented safely by passing arguments as a list rather than a shell string, and the script validates core identifiers (company, product, service) against a strict kebab-case regex to prevent injection.
  • The SKILL.md file instructs the agent to execute make install within the directory generated by the Maven process.
  • [EXTERNAL_DOWNLOADS]: The skill triggers remote content downloads as part of its primary function.
  • The Maven archetype generation process connects to remote repositories to fetch the cn.cisdigital.generator.archtype template.
  • [PROMPT_INJECTION]: The skill implements defensive instructions to prevent accidental activation.
  • Both SKILL.md and agents/openai.yaml contain explicit "trigger thresholds," instructing the agent to only use the skill if the user explicitly confirms the project follows the 'EliteForge specification'.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 07:40 AM