java-framework-audit

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill consists of documentation and reference material designed to help an agent perform security audits on Java source code. It does not execute commands, access sensitive files, or perform network operations.
  • [PROMPT_INJECTION]: As a source code auditing tool, the skill is designed to ingest untrusted third-party code. This creates a surface for indirect prompt injection where instructions could be hidden in the code being analyzed. This is an inherent risk of the auditing task and is mitigated by the skill's specific focus on vulnerability detection patterns.
  • [CREDENTIALS_UNSAFE]: The reference documentation includes a known hardcoded cryptographic key (kPH+bIxk5D2deZiIxcaaaA==) specifically for the purpose of teaching the agent to detect it in vulnerable Shiro configurations (CVE-2016-4437). This is a public vulnerability signature, not a credential exposure from the skill or its user.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 08:15 AM