113-java-maven-documentation
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected.
- Ingestion points: The skill instructions mandate reading every
pom.xmlfile in the workspace (root and submodules) to extract artifact IDs, module names, and descriptions (SKILL.md,references/113-java-maven-documentation.md). - Boundary markers: There are no explicit boundary markers or instructions to the agent to disregard potential instructions found within the XML tags (like
<description>) of the processed files. - Capability inventory: The skill has the capability to read any file in the workspace and write the resulting documentation file to disk.
- Sanitization: The skill does not implement sanitization or validation of the content extracted from the POM files before interpolating it into the final document or processing it, which could allow maliciously crafted metadata to influence the agent's output or behavior.
Audit Metadata