java-db-migration

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE · COMMAND_EXECUTION · DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides templates for shell scripts (e.g., migration_new.sh) that incorporate shell variables directly into Maven commands (e.g., mvn ... -Dmigration.description="$1"). This design creates a potential command injection surface where a malicious description containing shell metacharacters could lead to arbitrary command execution on the host machine.
  • [DATA_EXFILTRATION]: The environment configuration templates (dev.properties) include fields for database credentials and recommend insecure JDBC connection strings (e.g., useSSL=false&verifyServerCertificate=false). Disabling transport layer security and certificate validation is a poor practice that exposes database credentials and transferred data to Man-in-the-Middle (MitM) attacks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 04:43 AM