java-junit
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to perform local verification using build tool commands such as
mvn testorgradle test. It also references the use of local Python scripts likescripts/validate-skills.pyfor skill management tasks. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it is designed to ingest and process user-provided Java source and test files.
- Ingestion points: Java code and test classes supplied by the user (documented in
SKILL.md). - Boundary markers: Absent; there are no specific instructions or delimiters provided to help the agent ignore malicious instructions potentially embedded within code comments or strings.
- Capability inventory: The agent is empowered to execute shell commands via build tools and local management scripts.
- Sanitization: No evidence of validation, escaping, or filtering of the external code content is present in the skill instructions.
Audit Metadata