300-frameworks-spring-boot-create-project

Pass

Audited by Gen Agent Trust Hub on Jul 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to manage system SDKs (sdk), scaffold new applications (spring init), and execute build/test cycles (./mvnw clean verify). These operations are inherent to the skill's purpose as a project generator.
  • [EXTERNAL_DOWNLOADS]: Runtime operations include downloading Java distributions and Spring Boot CLI binaries via SDKMAN, as well as fetching project templates from Spring Initializr. The skill explicitly instructs the agent to seek user confirmation before initiating these downloads.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill ingests user-provided strings for project coordinates and dependencies, which are then incorporated into a project that is executed via Maven. However, the skill mitigates this by requiring explicit user confirmation of parameters and tool versions before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 11, 2026, 05:56 PM