create-spring-boot-java-project

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds explicit plaintext credentials (e.g., "rootroot", "root", "postgres") and instructs the agent to insert them verbatim into configuration files and docker-compose, requiring the model to handle/output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow (SKILL.md "Download Spring Boot project template") instructs running curl to fetch https://start.spring.io/starter.zip, pulling a public third-party project archive whose files the agent would ingest and which could materially influence subsequent build/run actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill downloads a project archive at runtime via "curl https://start.spring.io/starter.zip" which is then unzipped and built/run (./mvnw clean test / spring-boot:run), meaning fetched remote code is required and will be executed locally.