316-frameworks-spring-mongodb-migrations-mongock
Pass
Audited by Gen Agent Trust Hub on Jul 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard build commands like
./mvnw compileandmvn clean verifyto validate the application state during migration configuration. These actions are aligned with the skill's primary purpose of maintaining project stability. - [EXTERNAL_DOWNLOADS]: The skill manages official Maven dependencies (e.g., io.mongock, org.testcontainers) from established registries. It incorporates a specific 'EXTERNAL RUNTIME GATE' to ensure Docker images are only pulled with explicit user approval and from policy-approved sources.
- [PROMPT_INJECTION]: The skill processes project configuration files and source code which constitutes an indirect prompt injection surface. The risk is mitigated by mandatory build verification. Ingestion points: pom.xml, dependency management, and source files. Boundary markers: absent. Capability inventory: command execution and file system modification. Sanitization: absent, relies on compilation results.
- [SAFE]: The instructions emphasize safety and stability, enforcing idempotency and compatibility between Spring Boot versions and Mongock drivers. No malicious patterns such as exfiltration, obfuscation, or persistence were detected.
Audit Metadata