langchain4j-spring-boot-integration
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): Automated security scans identified langchain4j.open-ai.ch as a malicious or blacklisted domain. This domain appears to be a typosquatting attempt targeting the LangChain4j ecosystem, likely intended to host malicious artifacts or intercept API traffic.
- [REMOTE_CODE_EXECUTION] (HIGH): The documentation explicitly instructs users to include version 1.8.0 for dev.langchain4j dependencies. However, legitimate versions of these libraries are currently in the 0.x.x range. This mismatch indicates a dependency confusion attack, where a malicious high-versioned package is published to a public registry to override official internal or lower-versioned dependencies during the build process.
- [COMMAND_EXECUTION] (MEDIUM): The skill's metadata grants the agent high-privilege tool access, including Bash, Write, and Edit. These permissions enable the agent to execute build commands (e.g., Maven or Gradle) that would trigger the download and execution of the suspicious dependencies mentioned in the documentation, potentially leading to a full system compromise.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata