migrate-spring-to-quarkus
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected during the analysis of the skill's instructions and modules.
- [COMMAND_EXECUTION]: The skill uses shell commands for building projects (./mvnw, ./gradlew) and managing source code repositories (git, gh). These operations are necessary for the stated purpose of application migration and are handled using project-local wrappers when available, which is a security best practice.
- [DATA_EXFILTRATION]: The skill demonstrates high security awareness regarding data exposure. It includes specific instructions in modules/git.md to scan for credentials (API keys, private keys, tokens) before staging commits and explicitly directs the agent to update .gitignore to prevent the accidental upload of sensitive AI agent session logs.
- [INDIRECT_PROMPT_INJECTION]: As the skill is designed to read, analyze, and modify third-party source code files, it possesses an inherent attack surface for indirect prompt injection. A malicious codebase could attempt to manipulate the agent's behavior through comments or strings. The skill mitigates this by employing a structured, modular approach with strict validation gates and predefined mapping references, rather than relying on unconstrained generation.
Audit Metadata