maven-search
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill defines procedures for downloading XML metadata, POM files, and JAR artifacts from 'https://repo1.maven.org' and 'https://search.maven.org'. These are standard industry repositories, but the content is user-contributed.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it instructs the agent to parse and analyze external XML data.
- Ingestion points: XML content from 'maven-metadata.xml' and '.pom' files as shown in 'examples/get-version-info.md' and 'examples/analyze-dependencies.md'.
- Boundary markers: Absent. The instructions do not provide delimiters or 'ignore embedded instructions' warnings for the external XML content.
- Capability inventory: The skill is primarily for retrieval and information extraction (summarization of dependencies), which limits the impact of an injection.
- Sanitization: None specified. The agent is expected to parse raw XML directly.
- [COMMAND_EXECUTION] (SAFE): No arbitrary command execution or shell spawning was detected in the provided markdown files.
Audit Metadata