423-frameworks-quarkus-testing-acceptance-tests

Pass

Audited by Gen Agent Trust Hub on Jul 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the execution of Maven commands (mvn compile and mvn clean verify) to ensure the project is in a valid state before and after generating test code. These commands are standard for Java development environments and are used here for legitimate verification purposes.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes Gherkin .feature files provided in the context.
  • Ingestion points: External .feature files (e.g., Order.feature) are read to define test scenarios.
  • Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to ignore potentially malicious directions embedded within the Gherkin text.
  • Capability inventory: The agent is granted the capability to write Java source files and execute build commands (mvn) based on the content of these files.
  • Sanitization: No specific sanitization or filtering logic is prescribed for the input text.
  • Conclusion: This is considered a low-risk finding as it is inherent to the primary function of a BDD-based code generation tool.
  • [EXTERNAL_DOWNLOADS]: The skill references standard development libraries such as Quarkus, Testcontainers, and WireMock. These dependencies are resolved through standard build tools (Maven) from official package registries.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 11, 2026, 05:56 PM