maven-tools

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from local project files and external websites.
      • Ingestion points: The skill reads Maven and Gradle build files (e.g., pom.xml, build.gradle) and fetches external content from the internet via WebFetch.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat external content as untrusted data.
      • Capability inventory: The skill employs MCP tools (mcp__maven-tools__*) for dependency intelligence and uses WebSearch/WebFetch for documentation and research.
      • Sanitization: The skill does not implement validation or sanitization for the data retrieved from external sources before incorporating it into the decision-making process.
  • [EXTERNAL_DOWNLOADS]: The skill references the author's GitHub repository (https://github.com/arvindand/maven-tools-mcp) for setup instructions and uses web tools to retrieve documentation, release notes, and migration guides from external domains.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 04:50 AM