Use when you need to apply Java secure coding best practices — including validating untrusted inputs, defending against injection attacks with parameterized queries, minimizing attack surface via least privilege, applying strong cryptographic algorithms, handling exceptions securely without exposing sensitive data, managing secrets at runtime, avoiding unsafe deserialization, and encoding output to prevent XSS. This should trigger for requests such as Review Java code for secure coding. Part of cursor-rules-java project
88
Quality: 85% (Does it follow best practices?)
Impact: not scored (No eval scenarios have been run)
Passed: No known issues

Quality
Discovery: 100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its scope around Java secure coding best practices with comprehensive, specific actions listed. It includes explicit 'Use when' guidance and natural trigger terms that users would employ. The only minor weakness is the trailing 'Part of cursor-rules-java project' which adds little selection value, but overall the description is well-crafted for skill selection.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description lists multiple specific concrete actions: validating untrusted inputs, defending against injection attacks with parameterized queries, minimizing attack surface via least privilege, applying strong cryptographic algorithms, handling exceptions securely, managing secrets at runtime, avoiding unsafe deserialization, and encoding output to prevent XSS. | 3 / 3 |
| Completeness | The description explicitly answers both 'what' (the comprehensive list of secure coding practices) and 'when' with the opening 'Use when you need to apply Java secure coding best practices' and the explicit trigger example 'This should trigger for requests such as Review Java code for secure coding.' | 3 / 3 |
| Trigger Term Quality | Includes many natural keywords a user would say: 'Java secure coding', 'injection attacks', 'parameterized queries', 'least privilege', 'cryptographic algorithms', 'XSS', 'deserialization', 'secrets', 'secure coding best practices'. The example trigger 'Review Java code for secure coding' is also natural. | 3 / 3 |
| Distinctiveness / Conflict Risk | The description is clearly scoped to Java secure coding specifically, with distinct triggers around security topics like injection, XSS, deserialization, and cryptography. This is unlikely to conflict with general Java skills or non-security-related skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation: 70%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill has strong workflow clarity with explicit validation checkpoints and good progressive disclosure by deferring detailed patterns to a reference file. However, it lacks any inline code examples for the secure coding patterns it covers, making the body itself more descriptive than actionable. The bullet list of covered topics adds some verbosity that could be trimmed since the reference file presumably covers the same ground.
Suggestions
- Add at least 1-2 brief, executable code examples inline (e.g., a PreparedStatement snippet for injection defense or a BCrypt hashing example) so the skill body itself is actionable without requiring the reference file.
- Trim or remove the 'What is covered' bullet list, which largely duplicates the skill description and the reference file content, to improve conciseness.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The 'What is covered' bullet list is somewhat redundant with the description and the reference file. The introductory sentence and scope note add modest value but could be tighter. The constraints and workflow sections are reasonably lean, though some repetition exists between constraints and workflow steps. | 2 / 3 |
| Actionability | The skill provides concrete commands (mvnw compile, mvn clean verify) and references a detailed guide, but the SKILL.md itself contains no executable code examples for any of the secure coding patterns it lists. The actual actionable content is deferred entirely to the reference file, leaving the skill body as mostly descriptive. | 2 / 3 |
| Workflow Clarity | The workflow is clearly sequenced with four explicit steps, includes a pre-condition check (compile before changes), a stop-if-fail gate, and a post-change verification step. The feedback loop of compile → assess → apply → verify with explicit halt conditions is well-structured for a potentially destructive refactoring task. | 3 / 3 |
| Progressive Disclosure | The skill provides a clear overview with a single, well-signaled reference to the detailed guide (references/124-java-secure-coding.md). Content is appropriately split between the overview SKILL.md and the detailed reference, with no nested or multi-level indirection. | 3 / 3 |
| Total | | 10 / 12 Passed |
Validation: 100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
762cb86