113-java-maven-documentation
Pass
Audited by Gen Agent Trust Hub on Jul 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows a secure architecture for generating documentation from local files. It includes explicit instructions to treat Maven
pom.xmlfiles as untrusted input and strictly forbids loading the full content of these files into the model's context. - [SAFE]: To mitigate risks of indirect prompt injection, the skill mandates using local XML tooling to extract only specific structural fields. It explicitly blocks the ingestion of arbitrary text sections such as descriptions, names, comments, or plugin configuration bodies.
- [SAFE]: The skill relies on an internal 'Known plugin catalog' and standard Maven goals. For plugins not in the catalog, it uses general Maven knowledge rather than data from the project files themselves to describe the plugin's purpose.
- [SAFE]: The provided commands in the documentation template use the Maven Wrapper (
./mvnw) and standard JDK utilities (likejwebserver), which are appropriate for the intended development workflow and pose no security risk.
Audit Metadata