CtrlK
BlogDocsLog inGet started
Tessl Logo

124-java-secure-coding

Use when you need to apply Java secure coding best practices — including validating untrusted inputs, defending against injection attacks with parameterized queries, minimizing attack surface via least privilege, applying strong cryptographic algorithms, handling exceptions securely without exposing sensitive data, managing secrets at runtime, avoiding unsafe deserialization, and encoding output to prevent XSS. This should trigger for requests such as Review Java code for secure coding; Find input validation risks in Java code; Review Java code for injection vulnerabilities; Improve secure error handling in Java services; Harden Java code against common security flaws. Part of Plinth Toolkit

75

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

85%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is well-organized and token-efficient with a strong, validated workflow and clean progressive disclosure. The main weakness is actionability: secure-coding guidance lacks inline executable code examples, deferring them entirely to the reference file.

Suggestions

Add 1–2 short inline good/bad Java code snippets (e.g. PreparedStatement vs string-concatenated query) so the SKILL.md itself is actionable without always opening the reference.

Include a concrete input-validation example snippet (e.g. length/range check) to make the input-validation bullet executable rather than descriptive.

Show a minimal secure-vs-insecure exception-handling pattern inline to demonstrate 'log diagnostic details internally, expose generic messages to clients'.

DimensionReasoningScore

Conciseness

The body is lean and well-structured: terse bullet coverage of each area and concise workflow steps, without explaining concepts Claude already knows. Every section earns its place.

3 / 3

Actionability

Concrete commands are present ('./mvnw compile', './mvnw clean verify'), but the secure-coding patterns themselves offer no inline executable code examples — they rely on the reference file for good/bad code, leaving the SKILL.md guidance partially abstract.

2 / 3

Workflow Clarity

A clearly sequenced 4-step workflow with explicit validation checkpoints: compile-before, stop-on-failure, and verify-after, providing a proper feedback loop for risky code changes.

3 / 3

Progressive Disclosure

The SKILL.md is a concise overview with a single well-signaled one-level-deep reference to references/124-java-secure-coding.md (verified to exist), with content appropriately split out and easy navigation.

3 / 3

Total

11

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is strong: it enumerates concrete secure-coding capabilities, uses natural trigger phrases, and explicitly covers both the 'what' and the 'when' with Java-specific scoping. It uses third-person voice with no fluff or over-claims.

DimensionReasoningScore

Specificity

Lists multiple concrete actions including 'validating untrusted inputs', 'defending against injection attacks with parameterized queries', 'applying strong cryptographic algorithms', and 'encoding output to prevent XSS' — a comprehensive enumeration of specific capabilities.

3 / 3

Completeness

Explicitly answers both what ('apply Java secure coding best practices — including...') and when via the 'Use when...' clause plus 'This should trigger for requests such as...' listing concrete triggers.

3 / 3

Trigger Term Quality

Includes natural phrases users would actually say such as 'Review Java code for secure coding', 'Find input validation risks in Java code', and 'Review Java code for injection vulnerabilities', giving good coverage of common variations.

3 / 3

Distinctiveness Conflict Risk

Scoped specifically to Java secure coding with distinct, language-anchored triggers, making it unlikely to fire for non-Java or non-security skills.

3 / 3

Total

12

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
jabrena/plinth
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.