112-java-maven-plugins
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs standard development operations by executing shell commands such as `./mvnw validate` and `mvn wrapper:wrapper`. These are used for project verification and setup, aligning with the skill's primary purpose as a development tool.
- [EXTERNAL_DOWNLOADS]: It facilitates the installation of the Maven Wrapper, which downloads official Maven distribution binaries from well-known sources.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it ingests untrusted data from `pom.xml` (Ingestion points: SKILL.md, references/112-java-maven-plugins.md). While it lacks explicit structural boundary markers for the XML content, the skill manages risk through its capability inventory (executing Maven commands and writing to files) by implementing strict sanitization through mandatory user confirmation checkpoints and automated project validation via `mvn validate`.
Audit Metadata