java-maven
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to interact with and process Maven configuration files (pom.xml), which are external, untrusted data sources.
  - Ingestion points: The skill uses the Read and Glob tools to access project files (e.g., assets/pom-template.xml).
  - Boundary markers: None identified; the agent is not instructed to ignore instructions embedded in the data.
  - Capability inventory: Bash, Write, and Read are the requested tools.
  - Sanitization: No specific sanitization logic is provided to prevent malicious Maven plugins from executing code during build phases such as verify.
- [Command Execution] (LOW): The skill requests broad shell access (Bash) to perform its primary function.
  - Evidence: 'allowed-tools: Bash' in SKILL.md allows the agent to run arbitrary shell commands, though the documentation focuses on standard Maven tasks.
Audit Metadata