java-xxe-audit

Fail

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: CRITICAL
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The file references/DECOMPILE_STRATEGY.md includes instructions to download an executable JAR file (cfr-0.152.jar) from https://xget.xi-xu.me/gh/leibnitz27/cfr/releases/download/0.152/cfr-0.152.jar. This third-party domain is not a trusted source and has been explicitly flagged as malicious by automated security scanners.
  • [REMOTE_CODE_EXECUTION]: The skill executes the downloaded binary file using java -jar within references/DECOMPILE_STRATEGY.md. Running binaries from unverified, non-trusted, and flagged domains creates a significant risk of remote code execution.
  • [COMMAND_EXECUTION]: The skill uses several shell commands, such as grep, find, and curl, to scan source code and download external components.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted input while having high-privilege capabilities.
    • Ingestion points: The skill reads project source code, compiled .class files, and .jar archives as specified in SKILL.md and references/DECOMPILE_STRATEGY.md.
    • Boundary markers: Absent; there are no instructions to use delimiters or to ignore potentially malicious prompts embedded within the files being audited.
    • Capability inventory: The skill can execute shell commands (grep, find, curl) and run external Java binaries (java -jar) as documented in SKILL.md and references/DECOMPILE_STRATEGY.md.
    • Sanitization: No sanitization or validation of the input source code or bytecode is performed before analysis.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Apr 11, 2026, 11:50 AM