423-frameworks-quarkus-testing-acceptance-tests
Pass
Audited by Gen Agent Trust Hub on Jul 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of Maven commands (
mvn compileandmvn clean verify) to ensure the project is in a valid state before and after generating test code. These commands are standard for Java development environments and are used here for legitimate verification purposes. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes Gherkin
.featurefiles provided in the context. - Ingestion points: External
.featurefiles (e.g.,Order.feature) are read to define test scenarios. - Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to ignore potentially malicious directions embedded within the Gherkin text.
- Capability inventory: The agent is granted the capability to write Java source files and execute build commands (
mvn) based on the content of these files. - Sanitization: No specific sanitization or filtering logic is prescribed for the input text.
- Conclusion: This is considered a low-risk finding as it is inherent to the primary function of a BDD-based code generation tool.
- [EXTERNAL_DOWNLOADS]: The skill references standard development libraries such as Quarkus, Testcontainers, and WireMock. These dependencies are resolved through standard build tools (Maven) from official package registries.
Audit Metadata