300-frameworks-spring-boot-create-project
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to interact with SDKMAN and the Spring Boot CLI for environment setup and project generation.- [EXTERNAL_DOWNLOADS]: Downloads development tools such as Java runtimes and the Spring Boot CLI via SDKMAN, and project templates from Spring Initializr.- [REMOTE_CODE_EXECUTION]: Employs the Maven Wrapper (mvnw), a standard tool that downloads and executes the Maven build system engine.- [PROMPT_INJECTION]: The skill processes user-supplied project metadata which is passed to shell commands, creating a potential indirect injection surface. * Ingestion points: User-provided project coordinates and dependencies gathered in Step 1 of references/300-frameworks-spring-boot-create-project.md. * Boundary markers: None explicitly defined in the instructions. * Capability inventory: Shell command execution (sdk, spring init, mvnw) and file system writes throughout SKILL.md. * Sanitization: None explicitly mentioned; relies on the underlying CLI tools.
Audit Metadata