CtrlK
BlogDocsLog inGet started
Tessl Logo

124-java-secure-coding

Use when you need to apply Java secure coding best practices — including validating untrusted inputs, defending against injection attacks with parameterized queries, minimizing attack surface via least privilege, applying strong cryptographic algorithms, handling exceptions securely without exposing sensitive data, managing secrets at runtime, avoiding unsafe deserialization, and encoding output to prevent XSS. This should trigger for requests such as Review Java code for secure coding. Part of cursor-rules-java project

67

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

70%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is well-structured as an overview with a clear, validated workflow and clean one-level reference disclosure. It loses points on conciseness (command repetition) and actionability (the secure-coding application step is abstract with no inline examples).

Suggestions

De-duplicate the compile/verify commands: state them once in the Workflow and have the Constraints section reference those steps rather than restating the commands.

Add at least one inline good/bad code snippet (e.g., a PreparedStatement vs string-concatenation example) so the core secure-coding guidance is actionable without opening the reference.

Tighten the opening paragraph — it restates the frontmatter description; either cut it or replace it with guidance not already in the description.

DimensionReasoningScore

Conciseness

Mostly efficient, but the Constraints and Workflow sections repeat the same './mvnw compile' / 'mvn clean verify' commands, and the opening sentence restates the frontmatter description rather than adding new information.

2 / 3

Actionability

Provides concrete, copy-paste-ready build commands and a specific reference path, but the core secure-coding step is vague ('Implement selected protections for input validation, crypto, secrets, deserialization, and output encoding') with no in-body code examples.

2 / 3

Workflow Clarity

Four numbered steps with explicit validation checkpoints — compile before changes, stop immediately on failure, verify after — forming a clear compile-apply-verify feedback loop.

3 / 3

Progressive Disclosure

A lean overview that signals a single one-level-deep reference (references/124-java-secure-coding.md, verified present) via multiple clearly marked links, with detailed good/bad examples appropriately deferred to that file.

3 / 3

Total

10

/

12

Passed

Description

90%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, well-scoped description that names many concrete capabilities and provides explicit trigger guidance for a distinct Java secure-coding niche. Its only weakness is the second-person voice, which costs it a specificity point under the rubric.

DimensionReasoningScore

Specificity

Lists eight concrete actions ('validating untrusted inputs, defending against injection attacks with parameterized queries, ... encoding output to prevent XSS'), which would score 3, but the description uses second person ('Use when you need to apply') and the rubric penalizes specificity by one for non-third-person voice.

2 / 3

Completeness

Explicitly answers both 'what' (the enumerated secure-coding actions) and 'when' via a 'Use when...' clause plus 'This should trigger for requests such as Review Java code for secure coding.'

3 / 3

Trigger Term Quality

Includes natural user phrasing — 'Review Java code for secure coding' and 'Java secure coding best practices' — that a user would realistically say when invoking this skill.

3 / 3

Distinctiveness Conflict Risk

Scoped to Java secure coding with a distinct trigger, making it unlikely to fire for unrelated skills.

3 / 3

Total

11

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
jabrena/cursor-rules-java
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.