java-architect
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard Maven (
./mvnw) and Gradle (./gradlew) wrappers to execute build, test, and verification tasks within the project environment. - [EXTERNAL_DOWNLOADS]: The provided templates reference well-known dependencies and tool distributions from trusted public repositories such as Maven Central.
- [SAFE]: The skill incorporates robust security patterns, including OAuth2/JWT implementation, environment-based configuration for secrets, and extensive testing with TestContainers. No signs of obfuscation, exfiltration, or persistence were found.
- [SAFE]: A standard indirect prompt injection surface is present due to the processing of user-provided project files.
- Ingestion points: Project source code and build configuration files read by the agent.
- Boundary markers: None; project data is treated as context for architectural tasks.
- Capability inventory: Shell command execution via build tool wrappers (
SKILL.md). - Sanitization: None, as the skill is designed to interact with and verify development source code.
Audit Metadata