The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: In references/examples.md and references/event-driven-patterns-reference.md, the provided Kafka configuration includes spring.json.trusted.packages: "*". This setting permits the deserialization of any class specified in the message headers, creating a significant security risk where an attacker with access to the message broker could trigger arbitrary code execution.
[REMOTE_CODE_EXECUTION]: The event sourcing foundation example in references/examples.md utilizes Class.forName() to dynamically instantiate event classes based on an eventType string retrieved from a database. If the database content or the incoming event type is not strictly validated against a whitelist, this could allow for unintended class instantiation and execution logic.
[COMMAND_EXECUTION]: The SKILL.md file specifies Bash as an allowed tool. While the provided instructions do not contain malicious shell commands, the availability of this tool to an agent following these patterns provides a high-privilege execution environment that requires monitoring.
[EXTERNAL_DOWNLOADS]: The skill's integration testing examples in SKILL.md and references/event-driven-patterns-reference.md utilize Testcontainers to download the confluentinc/cp-kafka:7.5.0 Docker image. This is a well-known and trusted service for Kafka development.

spring-boot-event-driven-patterns