skills/jeecgboot/skills/jeecg-codegen/Gen Agent Trust Hub

jeecg-codegen

Fail

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The SKILL.md file contains multiple instances of shell commands using hardcoded database credentials (-uroot -proot) for MySQL CLI operations.
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to construct and run Bash commands (e.g., mysql, find, ls) using variable interpolation for parameters like {dbname}, {后端根路径}, and {project_vue_root}. The absence of explicit sanitization for these user-provided inputs creates a vulnerability to command injection.
  • [COMMAND_EXECUTION]: The skill defines a workflow to automatically execute generated SQL files against a local database (127.0.0.1/localhost) using the mysql command-line tool.
  • [COMMAND_EXECUTION]: The find command is used with project-relative paths to scan for existing Java and TypeScript files, allowing the agent to read and modify local source code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 9, 2026, 07:42 AM