java-architect

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's core workflow in SKILL.md instructs the agent to run shell commands through the Maven and Gradle wrappers (e.g., ./mvnw verify, ./gradlew check) to validate query correctness, security configuration, and test coverage. This is a legitimate functional requirement for a development architect tool, but note that the wrapper scripts and their .mvn/wrapper and gradle/wrapper properties live inside the project tree, so invoking them on an untrusted checkout executes repository-controlled scripts and fetches whatever distribution those properties point at.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface because it processes untrusted, user-provided project files and build configurations. Evidence: 1. Ingestion points: local project source code, pom.xml, and build.gradle files. 2. Boundary markers: absent from the instructions. 3. Capability inventory: execution of shell-based build lifecycles via the SKILL.md workflow. 4. Sanitization: none described for external content. Because the build files that may carry injected instructions are also the files the wrappers execute, instructions smuggled into a pom.xml or build.gradle can reach the agent's shell capability directly.
  • [SAFE]: The reference guides, particularly references/spring-security.md, implement modern security best practices, including stateless JWT authentication, BCrypt password hashing (strength 12), and secure CORS and CSRF configuration for REST APIs.
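The configuration the [SAFE] finding describes (stateless JWT, BCrypt with work factor 12, explicit CORS, CSRF disabled only because no session cookie exists) looks like this in Spring Security 6. This is an added illustration, not the contents of references/spring-security.md or any code from the java-architect skill; it assumes the spring-boot-starter-oauth2-resource-server dependency is present and that an HS256 signing secret of at least 32 bytes is supplied in an environment variable named JWT_HS256_SECRET (both assumptions, not stated on the page).

```java
package com.example.api.security;

import java.nio.charset.StandardCharsets;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
public class ApiSecurityConfig {

    @Bean
    SecurityFilterChain apiFilterChain(HttpSecurity http, JwtDecoder jwtDecoder) throws Exception {
        http
            // Never create an HttpSession: every request must carry its own bearer token,
            // so there is no session cookie to steal or to ride on.
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // CSRF protection defends cookie-authenticated sessions. With header-borne bearer
            // tokens and STATELESS sessions there is nothing for a cross-site form to exploit,
            // so the filter is disabled. Disabling it while also using cookie auth would be a bug.
            .csrf(csrf -> csrf.disable())
            .cors(cors -> cors.configurationSource(corsConfigurationSource()))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(HttpMethod.POST, "/api/auth/login").permitAll()
                .requestMatchers("/actuator/health").permitAll()
                .anyRequest().authenticated())
            // Validate "Authorization: Bearer <jwt>" on every request; signature, exp and nbf
            // are checked by the decoder below.
            .oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.decoder(jwtDecoder)));
        return http.build();
    }

    /** Work factor 12 (4096 rounds): slow enough to blunt offline cracking of a leaked hash table. */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }

    /** HS256 verification key. JWT_HS256_SECRET is an assumed variable name; it must be >= 256 bits. */
    @Bean
    JwtDecoder jwtDecoder() {
        String secret = System.getenv("JWT_HS256_SECRET");
        byte[] keyBytes = secret == null ? new byte[0] : secret.getBytes(StandardCharsets.UTF_8);
        if (keyBytes.length < 32) {
            throw new IllegalStateException("JWT_HS256_SECRET must be set and at least 256 bits long");
        }
        return NimbusJwtDecoder.withSecretKey(new SecretKeySpec(keyBytes, "HmacSHA256")).build();
    }

    /** Explicit origin allow-list (assumed origin); "*" would let any site call the API cross-origin. */
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration cfg = new CorsConfiguration();
        cfg.setAllowedOrigins(List.of("https://app.example.com"));
        cfg.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE"));
        cfg.setAllowedHeaders(List.of("Authorization", "Content-Type"));
        cfg.setAllowCredentials(false); // bearer token travels in a header, not a cookie
        cfg.setMaxAge(3600L);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/api/**", cfg);
        return source;
    }
}
```

The two settings that make this safe only as a pair are STATELESS sessions and csrf().disable(): dropping CSRF protection is acceptable because no cookie-backed session exists for a forged request to reuse. If a later change introduces cookie or form login on the same filter chain, CSRF must be re-enabled.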
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 06:35 AM