114-java-maven-search
Pass
Audited by Gen Agent Trust Hub on Jul 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by defining clear boundaries for data ingestion and tool execution.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process external data from Maven repositories but includes robust mitigations. 1. Ingestion points: Data enters through the Maven Central Search API and maven-metadata.xml URLs mentioned in 114-maven-central-search.md. 2. Boundary markers: The skill repeatedly mandates 'No raw remote text ingestion' in SKILL.md and all reference files to prevent the model from interpreting malicious content within POMs or XML files. 3. Capability inventory: The skill has no capabilities for file-write, subprocess execution, or network exfiltration within its own instructions. 4. Sanitization: It requires using structured Search API fields and deterministic URL construction instead of parsing raw untrusted text.
- [EXTERNAL_DOWNLOADS]: The skill references well-known services including search.maven.org and repo1.maven.org for artifact metadata. These are treated as trusted sources for development information and are handled via safe, non-executable URL construction.
- [COMMAND_EXECUTION]: The skill explicitly forbids the agent from running Maven plugins internally (e.g., versions-maven-plugin), instead instructing the user to provide reports generated in their local environment, which preserves the security boundary of the execution environment.
Audit Metadata