maven-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (NO_CODE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- NO_CODE (SAFE): The skill contains no executable scripts (e.g., .py, .js, .sh) or binary files. It is strictly a collection of Markdown documentation and examples for API usage.
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill provides instructions for the agent to download binary JAR files and POM files from the Maven Central Repository (`repo1.maven.org`). While Maven Central is a standard, reputable industry resource, any instruction to retrieve remote binaries carries a theoretical risk if the agent is subsequently instructed to execute them. However, no execution instructions are present in the skill itself.
- Indirect Prompt Injection (LOW): The skill describes processes for ingesting data from external sources that can be influenced by third parties (anyone can publish to Maven Central).
  - Ingestion points: Maven metadata (`maven-metadata.xml`), Project Object Model (.pom) files, and Search API JSON responses.
  - Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore embedded instructions when parsing metadata.
  - Capability inventory: The skill facilitates network reads via `GET` requests but provides no direct command execution or file-write capabilities.
  - Sanitization: Absent. There are no instructions to escape or validate strings found in fields like `<description>` or `<developers>` in POM files, which could be used by an attacker to attempt to influence the agent's behavior.
Audit Metadata