The Agent Skills Directory

Indirect Prompt Injection (HIGH): The skill ingests results from 'spotbugs-results.xml' which is generated by scanning untrusted Java code. This is a high-risk ingestion point (Category 8) because malicious instructions could be embedded in the source code (e.g., in class names, method names, or constant strings) which then appear in the SAST report. The skill lacks boundary markers or sanitization logic to prevent the agent from obeying such instructions during the summary phase. The risk is elevated because the agent has shell execution capabilities.\n- Command Execution (MEDIUM): The instructions require the agent to execute shell commands ('mvn' and 'spotbugs'). While standard for this task, this is an exploitable capability (Category 8 capability inventory) that could be abused if the agent's reasoning is compromised by malicious input.\n- External Downloads (LOW): The Maven command uses '-Dspotbugs.plugins=...:LATEST', which dynamically downloads a plugin from the internet at runtime. While Maven Central is a trusted source, fetching the 'LATEST' version without checksum verification introduces a minor supply chain risk.

sast-spotbugs