403-frameworks-quarkus-validation
Pass
Audited by Gen Agent Trust Hub on Jul 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands such as
./mvnw compileand./mvnw clean verify. While these are standard build lifecycle commands for Java and Quarkus projects, they involve running arbitrary code via the build system and its plugins. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it reads and processes external data (the user's project source code) to make recommendations. Malicious instructions embedded in the project's Java or configuration files could theoretically attempt to influence the agent's output.
- Ingestion points: Project source code files (Java DTOs, resources, configuration properties) read during the assessment step.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the workflow.
- Capability inventory: Execution of local shell commands via Maven.
- Sanitization: No specific sanitization or validation of the ingested code content is mentioned.
- [EXTERNAL_DOWNLOADS]: The instructions recommend adding the
io.quarkiverse.httpproblem:quarkus-http-problemdependency. This is a well-known, official community extension for the Quarkus framework used to implement RFC 7807 problem details.
Audit Metadata