170-java-documentation
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands to interact with the Maven build system for validation and documentation generation.
- Evidence: Instructions mandate the execution of `./mvnw validate`, `./mvnw clean compile`, and `./mvnw javadoc:javadoc` to verify project state and render Javadoc HTML.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection attack surface as it ingests and processes source code comments to generate documentation.
- Ingestion points: The skill reads source files in the `src/main/java` directory during Steps 2, 3, and 4.
- Boundary markers: Absent; the instructions do not define delimiters or specific constraints to ignore potentially malicious instructions embedded within code comments.
- Capability inventory: The agent is authorized to modify files (README.md, package-info.java, and source files) and execute shell commands via Maven.
- Sanitization: Absent; the skill does not specify procedures for filtering or sanitizing content extracted from comments before it is used to generate documentation.
Audit Metadata