113-java-maven-documentation

Pass

Audited by Gen Agent Trust Hub on Jul 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows a secure architecture for generating documentation from local files. It includes explicit instructions to treat Maven pom.xml files as untrusted input and strictly forbids loading the full content of these files into the model's context.
  • [SAFE]: To mitigate risks of indirect prompt injection, the skill mandates using local XML tooling to extract only specific structural fields. It explicitly blocks the ingestion of arbitrary text sections such as descriptions, names, comments, or plugin configuration bodies.
  • [SAFE]: The skill relies on an internal 'Known plugin catalog' and standard Maven goals. For plugins not in the catalog, it uses general Maven knowledge rather than data from the project files themselves to describe the plugin's purpose.
  • [SAFE]: The provided commands in the documentation template use the Maven Wrapper (./mvnw) and standard JDK utilities (like jwebserver), which are appropriate for the intended development workflow and pose no security risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 11, 2026, 05:56 PM