112-java-maven-plugins

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Maven commands such as ./mvnw validate for project health checks, mvn wrapper:wrapper for environment consistency, and ./mvnw verify for testing. These operations are essential to the skill's primary function of managing Java build configurations.
  • [EXTERNAL_DOWNLOADS]: The skill adds configuration for several industry-standard Maven plugins (e.g., JaCoCo, PiTest, OWASP Dependency Check, SpotBugs) which are downloaded from Maven Central. These tools are provided by reputable organizations and are standard within the Java development community.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it reads and processes local pom.xml files. An adversary could potentially place malicious instructions in XML comments or metadata to attempt to influence the agent's analysis, although the structured, step-by-step logic and manual confirmation steps provide significant defense-in-depth.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 05:52 AM