create-spring-boot-kotlin-project
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads a project template from
https://start.spring.io, which is the official Spring Initializr service maintained by VMware/Spring. This is a well-known and trusted service in the Java development community. - [COMMAND_EXECUTION]: Executes standard shell commands to check environment prerequisites (
java -version), manage files (unzip,rm), and initialize the build system (./gradlew clean test). These operations are consistent with the skill's stated purpose of project setup. - [CREDENTIALS_UNSAFE]: Uses default 'rootroot' passwords for local development services like PostgreSQL, Redis, and MongoDB within the generated project files. These are documented as part of the local project skeleton and matching Docker Compose configuration, rather than being exfiltrated or used to access sensitive user systems.
Audit Metadata